HACKERONE has suspended new vulnerability submissions to its crowdsourced Internet Bug Bounty (IBB) program, effective March 27, in response to what it called a worsening imbalance between vulnerability discoveries and open source remediation capacity. According to HackerOne, AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed, while the remediation bottleneck has not scaled accordingly.
Node[.]js project maintainers subsequently paused their own bug bounty programme, citing a loss of funding previously provided via HackerOne. Security experts described the move as a rational correction to bug bounty ecosystems operating under AI pressure, with claims that AI can generate thousands of reports that overwhelm volunteer teams.
Industry voices emphasise that the real challenge is funding remediation and sustaining fixes, not just finding vulnerabilities, as automation shifts the bottleneck from discovery to the capacity to ship patches.