#bug bounty
5 stories taggedbug bounty.

AI Finds Bugs Fast. Proving They're Real Still Takes a Human.
AI tools can scan code and spit out vulnerabilities at speed, but a finding is worthless until someone shows it actually works. Here's why that gap matters for anyone worried about software security.

ServiceNow's Unauthenticated API Endpoint Left Tenant Data Exposed for Months
An API resource shipped with authentication disabled by default. Now enterprises are asking whether the 'security researcher' explanation fully covers what got accessed.

Anthropic's Mythos Shows AI Can Find Bugs Faster Than Humans. The Bug Bounty Model May Not Survive It.
Machine-speed vulnerability discovery is no longer theoretical. The question now is whether the bounty ecosystem — and the offensive security teams inside it — are priced and structured for a world where finding flaws is the easy part.

Microsoft Threatened a Bug Hunter With Legal Action. Now It's Walking That Back.
A researcher dropped unpatched zero-days with working exploits. Microsoft's first response was to reach for the lawyers. That went poorly.

Microsoft and Researcher Nightmare Eclipse Trade Public Accusations Over Disclosure Gone Wrong
A researcher who published unpatched vulnerability details says Microsoft deleted his accounts and ruined his life. Microsoft says his drops put proof-of-concept code in criminals' hands. Neither is entirely wrong.