Skip to content
feed: live
>_ 0dayNews
threat intel
Analysis

AI can find the bug. Proving it is still the job.

SANS Fellow Stephen Sims argues the noise-to-signal ratio in bug bounty has shifted, but the proof-of-exploit standard hasn't — Bugcrowd's own policy shift agrees.

AI can find the bug. Proving it is still the job.
Image: 0dayNews / 0dayNews Editorial · All rights reserved
kilobaud Dave "Kilobaud" Ferris · Published · 3 min read

SANS Fellow Stephen Sims published a contributed piece on The Hacker News on 2026-07-16 arguing that AI-assisted vulnerability discovery has changed the volume and the tempo of security work but has not moved the one line the discipline has always defended: a finding is not a finding until somebody has proven it. He anchors the argument in a specific data point — Bugcrowd’s own recent policy changes addressing what the platform now describes publicly as a surge of “thin evidence” AI-generated submissions with templated language — and in a working checklist a triager can actually run against a report before promoting it from lead to validated bug.

The standard, unchanged

Sims is not saying anything the field has not said before. The proof-of-exploit standard is the oldest and most boring bar in the room. You do not have a bug until you can demonstrate that the code path is reachable, that the boundary crossing actually happens, and that the effect an attacker gets on the other side is materially worse than the effect they were entitled to. Everything else is a hypothesis. That has been the standard for as long as CERT/CC has been coordinating disclosure, and it is not moving.

What has moved is the cost of generating hypotheses. A capable practitioner with a good LLM harness and a decent code-slicing pass can now produce dozens of plausible-looking findings against a mid-sized codebase in an afternoon, at a price point that used to buy about ten minutes of an actual reverse engineer’s time. That is a real capability. It is not the same capability as producing dozens of proven findings, and the interesting part of Sims’s piece is that he is not pretending it is.

Bugcrowd’s problem is everyone’s problem

The Bugcrowd angle is the concrete edge of the argument. A bug bounty platform is a triage function first and a payout mechanism second — the whole business model depends on the receiving end being able to separate signal from noise faster than the sending end can produce noise. That relationship has held for a decade because generating noise cost the sender something. If the cost of producing a polished-looking submission with a plausible CVSS estimate and a plausible reproduction narrative falls to near zero, and the cost of triaging one does not, the equilibrium breaks. Bugcrowd’s policy shift is not a moral judgment on AI-assisted researchers; it is arithmetic.

Every internal security team is about to run into a smaller version of the same math. The intake queue for “an engineer found something with an assistant” already looks different than it did a year ago, and the people doing the intake are the same people they were a year ago. The bar Sims is defending — reachability, boundary, demonstrated impact — is the one that keeps that queue tractable. Weaken it, and the queue becomes theatre.

Where this fits

The neighboring datapoints on this desk in the last two weeks tell the same story from three sides. Intruder shipped an LLM-driven “vulnerability vending machine” and disclosed a WordPress plugin zero-day the responsible way, which is the version of this trajectory where the discipline holds. Unit 42’s TuxBot v3 writeup is the version where an offensive operator shipped the same class of tool with the raw model reasoning still embedded in the payload, sloppily. Microsoft’s record 622-CVE Patch Tuesday, which the vendor partly attributed to AI-assisted internal triage, is the version where the receiving side scales up the muscle it uses to actually confirm and fix things.

The pattern is the same one the field has walked before. A new tool lowers the cost of one part of the pipeline. The other parts do not automatically follow. The people who ignored that in past cycles ended up with beautifully catalogued lists of things that were not actually true. The gatekeeper role — the person who insists on the reproduction, insists on the impact, insists on the boundary — does not go away because a language model can write a persuasive report about a bug that does not exist. If anything, it gets more valuable. The same standard, in the same place, doing the same job. That is not a story of change. It is a story of what did not change, which is often the interesting story.

Broader coverage of AI in offensive and defensive security lives at /topics/threat-intel/.

Found this useful? Share it.