AI is disruptive. Anthropic’s Claude Mythos model, and its successors, promise to be even more disruptive: they could threaten the existing bug bounty and in-house offensive security industries.
AI has been widely adopted by both cybersecurity attackers and defenders. Attackers use it to help find bugs and craft attacks, from sophisticated social engineering through to developing exploit and malware code. Defenders use it to help detect attacks in progress, detect deepfakes, and write new software; bug bounty hunters and offensive security practitioners use it to unearth bugs so they can be fixed before they are exploited.
So far, AI has proven to be a force multiplier rather than a position replacement. Mythos threatens to alter this balance.
The evolution of bug bounty programs
Bug bounties and pentesting are in a state of flux. That’s nothing new: everything in cybersecurity is constantly in flux. But the arrival of Mythos may bring the most rapid change offensive security has yet seen.
A bounty is a reward. ‘Dead or alive’ was an early 19th-century US tagline. The concept still survives, with law enforcement now offering bounties for information on live cybercriminals.
A bug bounty is a reward for finding a bug, not a person. In 1983, Hunter & Ready offered a free Volkswagen Beetle (commonly known as a Bug) as the reward for finding a computer bug in its VRTX operating system. The new tagline was ‘Get a bug if you find a bug’.
The concept of bug bounties had arrived and began to expand from the 1990s: Netscape in 1995; iDefense introducing the middleman concept in 2002 (anyone could report any bug in any vendor’s software to iDefense, which handled disclosure to the vendor); Mozilla for Firefox in 2004; Google in 2010; and Facebook in 2011.
The HackerOne (now led by CEO Kara Sprague) and Bugcrowd (co-founded by Casey Ellis) bug-bounty platforms were established in 2012, followed by YesWeHack in 2015 and Intigriti (Inti De Ceukelaire) in 2016. These are the four primary bounty platforms.
Throughout the 2010s the concept expanded and many more companies began to offer bug bounties. By 2022, bounty hunter Youssef Samouda was able to tell SecurityWeek, “With Meta and Google, I make around $400,000 per year.” At the end of 2022, AI in the form of LLMs became generally available, and by late 2024 and early 2025 the modern concept of autonomous agentic AI began to take center stage. By June 2025, the autonomous offensive security firm XBOW had reached the #1 position on HackerOne’s leaderboard.
The history of bug bounties shows a consistent pattern: expansion, accompanied by increasing use of automation and, latterly, artificial intelligence. That brings us to today. In-house offensive security has followed a similar path, driven by salary rather than reward.
Bug bounty today
Cassim Khouani (known online as Aituglo and listed in the top 30 Hackers on YesWeHack) wrote The state of Bug Bounty in 2026, published on April 13, 2026. In it, he describes using Claude to aid discovery. Overnight, it discovered ten bugs. “Sounds great on paper. Except half of them were duplicates, and the rest took weeks to get triaged because the report queue on that program had become unmanageable. Welcome to bug bounty in 2026.”
He believes bug bounty as we know it today is dying. “What comes next can be better, if we play it right.”
Everybody, he suggests, is using one or other form of AI to search for bugs, 24/7 without getting tired. It succeeds, but with side effects: “We end up in a constant mental fog, jumping from one tmux pane to another, switching from one program to the next.”
The bounty platforms themselves are struggling under the volume of new AI-assisted submissions, with triage and payment taking longer. Companies paying bounties are also receiving far more reports, some of poor quality and some critical, and must sort one from the other.
“More and more companies are stepping back from bug bounty,” he writes, “while others [such as Google] increase their rewards or change their policy.” Note that after Khouani wrote this in mid-April 2026, Google lowered its Chrome bug bounties and raised its Android bounties on April 30, 2026, citing AI as the cause for both.
This is flux with its foot on the pedal: rapid change but not necessarily for the better.
“The bug bounty of 2024 is dead. The one in 2026 is a different sport. The hunters who will make it are not those who launch the most agents, but those who know what to look for and where to look. AI is a multiplier, not a replacement.”
Khouani wrote this on the basis of his experience using Claude to assist in bug finding. Then came Claude Mythos, announced at almost the same moment his article was published. Anthropic’s claims for Mythos suggest that the future of AI in vulnerability discovery may be more than a force multiplier.
Mythos discovering vulnerabilities
Mythos reportedly performs better than any other AI model in finding zero day bugs. “Over the past few weeks, we have used Claude Mythos Preview to identify thousands of zero-day vulnerabilities (that is, flaws that were previously unknown to the software’s developers),” announced Anthropic on April 7, 2026, “many of them critical, in every major operating system and every major web browser, along with a range of other important pieces of software.”
In May 2026, Anthropic said its Mythos Preview had identified more than 23,000 potential vulnerabilities after scanning thousands of open-source software projects.
Anthropic is apparently so concerned about the model’s ability to find previously unknown bugs that it has released Mythos Preview to major software providers under Project Glasswing, allowing them to find and fix their own vulnerabilities before the model becomes generally available.
The CSA is equally concerned, having published a paper titled “The ‘AI Vulnerability Storm’: Building a ‘Mythos-ready’ Security Program”, in which it recommends: “Introduce AI agents to the cyber workforce across the board, enabling defenders to match attackers’ speed and begin closing the gap.”
Fed Chair Powell and Treasury Secretary Bessent met with the heads of major US banks to discuss the cyber risks that may be introduced by Mythos; Reuters has reported ‘Banking industry scrambles for Anthropic’s Mythos as global regulators review risks’; and the media has been full of wild, weird, and wonderful reporting.
But one area has had little reporting so far: if Mythos can find bugs and develop exploit chains this rapidly, what effect will it have on the value and future of the existing bug bounty and offensive security industries? Organizations could simply point Mythos at their own software and find the bugs themselves, without paying bounties or employing expensive pentesters and red teams.
The future of bug bounty and offensive security
Bug bounty and offensive security are not going away, but both must adapt to a new reality. AI is like sniping: the projectile and its effect may be autonomous, but a human still has to aim and pull the trigger. Complete autonomy is still in the future, and human involvement will remain for years to come. What has changed is the speed of delivery and the accuracy.
Keep Calm and Carry On: Mythos is not revolutionary
Tod Beardsley, VP of security research at runZero, counsels that Mythos should be viewed in the historical context of an industry barely 30 years old: any advance will seem huge and disruptive while it is happening. “To be blunt, I don’t think Mythos is fundamentally different or the ‘YOU MUST BUY THIS’ security tooling that Anthropic’s marketing would like us to believe. It’s better tooling, for sure…”
But, he adds, “To think that this (or any) model is so fundamentally powerful, dangerous, and revolutionary that you’d be a fool to not buy is to ride along with the classic FUD-based marketing that so often colors cybersecurity marketing… This is just another step on the road to better understanding the risk profile of your particular network.”
Richard Ford, CTO at Integrity360, agrees with the need to stay calm but adds, ‘be ready to adapt’. “Anthropic’s own system card shows that this level of performance relied on uncensored models, extended compute, and heavy resampling. In other words, this is not yet a real-world scenario.”
Nevertheless, he adds, “Bug bounty programs and human-led testing rely on expertise and time. AI will start to reshape that, although areas like business logic will still depend on human understanding.”
It’s adaptation, not replacement, says Chris Payne, VP of forward deployed cyber engineers at Sevii. “Discovery accelerates for everyone, but the real bottleneck has always been investigation and remediation. The defenders who win will pair agentic AI with strong governance so they can investigate, hunt, and remediate at machine speed and endless scale, which will close the gap attackers are widening as we speak.”
Jon David, co-founder and MD at NR Labs, agrees with this. The power of Mythos and future AI will allow attackers to find and exploit vulnerabilities faster than defenders can fix them. “But if we leverage AI in the same capacity, it also allows us to find and patch the vulnerabilities before they’re public in production. We must just make sure we’re using the same capabilities as the attackers on ourselves before they do.”
This should ensure the continued existence of in-house offensive security teams. Bounty hunters and bounty platforms have a slightly different problem to solve: participating companies are likely to become reluctant to pay bounties for the growing volume of real but largely inconsequential bugs (the slop) already being submitted by hunters and their AI agents, a volume that Mythos is likely to increase further.
“The widely used Curl project ended its HackerOne program in January 2026 because over 95% of submissions were AI-generated junk,” comments Melissa Bischoping, head of threat research & intelligence at Tanium. “HackerOne [also] paused the Internet Bug Bounty in March, explicitly citing an imbalance between AI-assisted discovery and remediation capacity. Mythos makes this worse by an order of magnitude.”
The need for adaptation. Evolving AI increases the speed of discovery and decreases the time to exploitation. But Kara Sprague, CEO at HackerOne, points out that this is not the gap the CSA report means. “The gap they are describing isn’t the gap from discovery to exploitation; it’s clear that it has already collapsed. The gap they are referring to is the operational gap between discovery and remediation: organizations still patch on human timelines, manage risk through quarterly assessments and run remediation through change processes that were never designed for AI-velocity threats.”
AI-assisted discovery has flooded programs with low-to-mid-severity findings that maintainers cannot absorb. This will increase with Mythos. “The incentives of such bounty programs need to be rebalanced to favor remediation, which is now the key constraint,” she continues.
“Vulnerability findings often sit for a long time before remediation, and this trend will continue as the volume increases. It then becomes a question of prioritizing learning from mistakes rather than focusing on individual issues as that approach hasn’t been scalable and certainly won’t be as these advanced models become more distributed,” adds Shlomie Liberow, founder at aisy.ai, and formerly head of hacker R&D at HackerOne.
Bounty platforms are already strained by the number of bugs being discovered, and corporations cannot keep pace with patching even at today’s volumes. What is required is the ability to prioritize high-severity bugs over low-value ones, and the incentives that drive that prioritization will need to be built into the programs themselves: pay for what gets fixed, not for what gets found.
The longer view. Corporate options for vulnerability detection remain primarily third-party bounty hunters or in-house offensive security teams. The best option will be governed by whichever adopts the latest technology functionality faster and more intelligently.
“Today, frontier model providers (like Anthropic) make AI abundantly cheap to use, reducing the cost of vulnerability research,” suggests Aaron Sant Miller, VP and AI lead for Booz Allen’s Integrated Cyber Business.
“If organizations increasingly choose to bring this function in-house, you can expect the bug bounty industry to take a hit. Conversely, bounty hunters may find AI reduces their own cost and time – we may see more bounties executed per month, at a lower cost per bounty. Today’s balancing act will be shaped by adoption.”
It may be different tomorrow. The current cost of AI is being subsidized by the frontier model developers, and the price to users is artificially low. Once the market is hooked, the developers may raise their prices to reflect the true cost of the compute. When that happens, organizations will reconsider outsourcing again.
“Once AI usage costs begin to reflect their true operating costs, the cost of bug discovery will normalize; organizations and hunters alike will have to determine the fair market price for vulnerability discovery,” he continues. “Overall, in-house security teams that readily adopt AI and evolve their workflows will be more resilient to the disruption.”
Sprague agrees that the market for vulnerability hunting is already changing, but she notes, “The total value of the bounty market is growing, not shrinking. High-severity, business-logic and AI-specific vulnerability research (for example, prompt injection, model extraction, adversarial manipulation) is paying more than ever, because very few researchers can do it well.”
For in-house offensive teams, she says, “Red teaming was already evolving beyond ‘can we get in’ toward mapping business process fraud paths, executive targeting, third-party compromise chains, privileged identity abuse across SaaS estates. Mythos can’t model your business. It can’t tell you that the real crown jewel isn’t in the codebase at all.”
She sees continuous AI-executed adversarial testing with human expertise woven throughout. “Novel attack paths, business logic vulnerabilities and the creative lateral thinking that turns a low-severity finding into a crown jewel compromise still require human ingenuity. AI raises the floor; it doesn’t replace the ceiling.”
Summary
AI is changing the rules for human vulnerability hunters, but not removing the need for them. AI can find a never-ending volume of bugs, because bugs will always exist in both old and new software. But this AI-discovered volume, much of it low-severity and ultimately inconsequential slop, has highlighted the real problem. It is not finding the bugs (that hasn’t been the bottleneck for years); it is separating the meat from the slop and remediating the meat quickly.
AI is not good at this. It requires human knowledge and ingenuity. In-house human offensive security, using AI but not relying on it, can do this well, and the value of in-house detection and remediation will remain.
External bounty hunting will be the most affected, but it will continue to offer a valuable service if the bounties paid can be refocused on critical bugs and on remediation. It will remain a valuable alternative for companies that find a permanent in-house team too costly.
Vulnerability hunting, like every other aspect of cybersecurity, is subject to new technology. And like every other aspect of cybersecurity, the advice to practitioners remains the same: keep calm, adapt, and carry on.
