AI Security Intelligence
Published benchmark scores from peer-reviewed research — 52 results across 3 categories. Plus 31 active bug bounty programs.
Model Security Leaderboard
SWE-bench Verified score — the industry standard for autonomous code repair. Models are given real GitHub issues with failing tests; score = % resolved with no human help.
DARPA AI Cyber Challenge (AIxCC)
The most credible real-world AI security competition. Autonomous Cyber Reasoning Systems (CRS) analyze millions of lines of code to find and patch vulnerabilities — with no human intervention.
Notable AI Security Discoveries
OpenAI releases GPT-5.5 with improved coding and computer control capabilities
OpenAI
OpenAI released GPT-5.5, its latest AI model with enhanced coding, computer operation, and research capabilities. The model is rolling out to paid subscribers in ChatGPT and Codex, with API access coming soon.
Anthropic's Mythos bug-hunting model accessed by unauthorized users, early tests show performance on par with human rese
Anthropic
Anthropic confirmed unauthorized users accessed its Mythos vulnerability detection model through a third-party vendor environment by guessing URL patterns. Early analysis from Mozilla and AWS indicates Mythos performs on par with elite human security researchers rather than surpassing them, despite Anthropic's claims of identifying thousands of critical vulnerabilities.
OpenAI launches Chronicle, opt-in screen capture feature for Codex that mirrors Microsoft Recall
OpenAI
OpenAI has introduced Chronicle, an opt-in research preview for macOS that captures user screens to provide contextual information to its Codex agent. The feature, which echoes Microsoft's controversial Recall, stores screenshots for six hours and sends data to OpenAI servers to generate persistent text-based memories.
Active Bug Bounty Programs
| Program | Organization | Platform | AI Policy | Max Payout | Scope |
|---|---|---|---|---|---|
| Immunefi | Immunefi (platform) | Immunefi | AI Encouraged | $10M | DeFi protocols, smart contracts, Web3 bridges, DAO treasuries |
| HackerOne Programs | HackerOne (platform) | HackerOne | Case by Case | $1M | 1,000+ programs across tech, finance, government, healthcare |
| Apple Security Bounty | Apple | Direct | Not Specified | $1M | iCloud, iOS, macOS, Safari, Apple silicon firmware |
| Bugcrowd Programs | Bugcrowd (platform) | Bugcrowd | Case by Case | $500K | 1,000+ programs — tech, finance, automotive, healthcare |
| Meta Bug Bounty | Meta | HackerOne | AI Allowed | $300K | Facebook, Instagram, WhatsApp, Threads, Messenger, Meta Quest |
| Binance Bug Bounty | Binance | HackerOne | AI Allowed | $250K | Binance.com, mobile apps, exchange API, Binance Smart Chain, Binance Pay |
| Microsoft Bug Bounty | Microsoft | Direct | AI Allowed | $250K | Azure, Microsoft 365, Windows, Xbox, Edge, Bing |
| Google DeepMind AI Safety | Google DeepMind | Direct | AI Encouraged | $250K | Gemini models, Google AI APIs, Vertex AI, AI Studio |
| Coinbase Bug Bounty | Coinbase | HackerOne | AI Allowed | $250K | Coinbase.com, Coinbase Pro, Coinbase Wallet, exchange APIs |
| Vulnerability Reward Program | Google | Direct | AI Allowed | $250K | Google Search, Google Cloud, Android, Chrome, YouTube, Gmail |
| Ethereum Foundation Bug Bounty | Ethereum Foundation | Direct | AI Encouraged | $250K | Ethereum protocol, EVM, consensus clients (Prysm, Lighthouse, Teku, Nimbus), execution clients (Geth, Nethermind, Besu) |
| Samsung Mobile Security Rewards | Samsung | Direct | AI Allowed | $200K | Samsung Galaxy devices, Knox, One UI, Samsung Health, Samsung Pay, Bixby |
| Kraken Bug Bounty | Kraken | Bugcrowd | AI Allowed | $100K | Kraken.com, Pro Trading, mobile apps, exchange API, Kraken NFT |
| GitHub Security Bug Bounty | GitHub (Microsoft) | HackerOne | AI Allowed | $100K | GitHub.com, Actions, Packages, Codespaces, Copilot |
| OpenAI Bug Bounty | OpenAI | Bugcrowd | Case by Case | $100K | ChatGPT, API (GPT-4o, o3, o4), DALL-E, Sora, OpenAI.com |
| Stripe Bug Bounty | Stripe | HackerOne | AI Allowed | $50K | Stripe.com, Dashboard, API, Connect, Terminal, Stripe.js, mobile SDKs |
| Shopify Bug Bounty | Shopify | HackerOne | AI Allowed | $50K | Shopify.com, Admin, Partner API, Storefront API, POS |
| xAI Bug Bounty | xAI | Bugcrowd | Case by Case | $50K | Grok models, grok.com, xAI API, X AI integrations |
| Anthropic Bug Bounty | Anthropic | HackerOne | Case by Case | $50K | Claude.ai, Anthropic API, Claude models |
| Snap Bug Bounty | Snap Inc. | HackerOne | AI Allowed | $35K | Snapchat, Snap Map, Spotlight, Lens Studio, Snap Kit, Bitmoji |
| PayPal Bug Bounty | PayPal | HackerOne | AI Allowed | $30K | PayPal.com, Venmo, Braintree, PayPal Checkout APIs |
| Hack the Pentagon | US Department of Defense | HackerOne | Case by Case | $25K | DoD public-facing websites, military branches, DISA systems |
| Mistral AI Bug Bounty | Mistral AI | Direct | AI Encouraged | $25K | Mistral API, Le Chat, open-weight model deployments |
| Atlassian Bug Bounty | Atlassian | Bugcrowd | AI Allowed | $25K | Jira, Confluence, Bitbucket, Trello, Atlassian Cloud |
| HackerOne Bug Bounty | HackerOne | HackerOne | AI Encouraged | $25K | HackerOne.com, API, Hacker Dashboard, Customer Portal, Pentest Platform |
| Discord Bug Bounty | Discord | HackerOne | AI Allowed | $20K | Discord.com, desktop/mobile apps, Bots API, Activities, Discord Store |
| Netflix Bug Bounty | Netflix | Bugcrowd | AI Allowed | $20K | Netflix.com, mobile/TV apps, API, Partner portal, Open Connect CDN |
| X (Twitter) Bug Bounty | X Corp. | HackerOne | Not Specified | $15K | X.com, mobile apps, X API, X Premium, Spaces, Communities |
| Tesla Bug Bounty | Tesla | Bugcrowd | Not Specified | $15K | Tesla vehicles (OTA, infotainment), Tesla.com, mobile apps, energy products |
| Verizon Bug Bounty | Verizon | Bugcrowd | Not Specified | $10K | Verizon.com, My Verizon app, Fios, VZ Media, Visible |
| BMW Vulnerability Disclosure | BMW Group | Direct | Not Specified | Varies | BMW Connected Drive, My BMW App, vehicle telematics, ISTA diagnostic systems |
AI tools policy reflects publicly stated program rules where available. Always read individual program scope before submitting. “AI Encouraged” means the program explicitly welcomes AI-assisted research.
Payout Estimator
Estimate potential earnings from AI-assisted bug bounty research. Pick a model and program, adjust your hours and API costs.
Estimates are illustrative only. Actual results depend on target complexity, researcher skill, vulnerability severity distribution, and program-specific acceptance criteria. The model uses benchmark scores as a proxy for bug-finding capability — real-world performance may differ significantly.