The Rails security team has been dealing with a surge of low-quality AI-generated bug bounty reports since 2025, which has undermined the Internet Bug Bounty (IBB) program. AI lowered the barrier to submitting reports that looked legitimate but were not, including one case where a reporter accidentally submitted raw AI-generated output with the prompt instructions still intact. The IBB has since stopped accepting new submissions and paying bounties, likely because of this AI-spam problem. This leaves legitimate researchers without financial incentives, and the Rails team fielding questions about unpaid bounties it has no visibility into.