Is Bug Bounty Dead? How AI Changed Security Research Forever | Dr. Katie Paxton-Fear скачать в хорошем качестве

Is Bug Bounty Dead? How AI Changed Security Research Forever | Dr. Katie Paxton-Fear

In this keynote from APISECCON 2026, APISEC University's 2025 API Security Person of the Year Dr. Katie Paxton-Fear (Security Advocate at Semgrep) delivers a candid, data-driven talk on the state of bug bounty hunting in the age of AI. Katie explores the economics of bug bounty — why programs aren't necessarily incentivized to pay, why low-severity bounties are disappearing, and what "AI slop" (AI-generated vulnerability reports with no real human insight) is doing to the ecosystem. The curl open-source project's experience is a case study: AI-generated nonsense reports surged so dramatically in 2024 that they ended their bug bounty program entirely. But it's not all doom and gloom. Katie makes a compelling case that bug bounty is NOT dead — it's evolving. The bugs AI can't reliably find are the most valuable ones: complex business logic errors, competing authorization framework collisions, and vulnerabilities that require deep contextual understanding of an application. Key takeaways: Why low-hanging fruit bugs are mostly gone (or near-worthless) What AI tools are capable of — and their real cost Why bug bounty is still one of the best ways to break into cybersecurity What types of vulnerabilities humans will always find better than AI #BugBounty #APISecurity #AIHacking #CyberSecurity #AppSec #APISECCON