AI's Impact on Software and Bug Bounty

I have a lot of thoughts on how AI will affect things, including bug bounty. And most of it is speculation, of course, but I have to put this out into the world because I want to know if this is correct in a year or two.

There are 2 main things I want to talk about. One is that the proliferation of high-quality coding agents allows anyone to build like 80% of prior software products. So anyone with Claude Code right now can vibe code up a security logging platform (a bad one, but one that works) and go passionately sell it to a bunch of local businesses that don’t have the expertise to know any better.

And specifically for our industry, anyone can build a hackbot right now (my favorite term for an AI pentesting bot). You just give Claude Code some skills. So how are buyers supposed to know which service to buy when there will be hundreds or thousands of them in the next year? It’s going to be really tough. It makes me think evals and benchmarks are going to be even more important than they currently are (and they’re already a major industry focus).

It reinforces the fact that sales, marketing, and brand are going to matter SO MUCH. Because if there are 1,000 vendors for something, who are you going to buy from? Probably the one your friend sells or recommends or one you trust the most.

The second thing is more personal to me. I’ve been doing bug bounty for years now, and I love it. But I (and most people I know) am using coding agents like Claude Code to find bugs at a faster rate. My prediction, based on what I’m doing and what all my friends are doing, is that this year will be absolutely insane. I think there will be twice as many bugs submitted this year across bug bounty platforms compared to last year.

The downside is that I think companies will start running coding agents (like Claude Code) as hackbots internally, both for code review and also as hackbots to test them blackbox, and we’ll see the number of bugs reported to BB programs dwindle in the year or two after that. It won’t really “go away” but I think it’ll be much tougher to thrive.

I love practical takeaways. To me, the big takeaway is that this year is massively important. Level up. Scale up. And buckle up. It’s going to be really interesting.

- Joseph
