AI is disruptive. Anthropic’s Claude Mythos model, and its successors, promise to be even more disruptive: they could threaten the existing bug bounty and/or in-house offensive security industries.

AI has been widely adopted by both cybersecurity attackers and defenders. Attackers use it to help find bugs and craft attacks, from sophisticated social engineering through to developing exploit and malware code. Defenders use it to help detect attacks in progress, detect deepfakes, and help code new software; bug bounty hunters and offensive security practitioners use it to unearth bugs so they can be fixed before they are exploited.

So far, AI has proven to be a force multiplier rather than a position replacement. Mythos threatens to alter this balance.

The evolution of bug bounty programs

Bug bounties and pentesting are in a state of flux. That’s nothing new: everything in cybersecurity is constantly in flux. But the arrival of Mythos may bring the most rapid flux in offensive security yet.