The AI Era Is Creating a Bug-Hunting Arms Race

Source: https://www.wired.com/story/the-ai-era-is-creating-a-bug-hunting-arms-race/
Summary:
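The bug bounty industry under the AI shock wave: from "hot commodity" to "a flood of junk," as giants raise the stakes and small and mid-sized companies come under pressure
Ten years ago, programs that reward researchers for submitting software security vulnerabilities were just emerging. The spread of vulnerability disclosure and "bounty programs" marked a shift by organizations from hostility and defensiveness toward security research to acknowledging the need to receive feedback and release fixes. Apple, for example, offered a top reward of $200,000 when it first launched its bounty program in 2016; that rose to $1 million in 2019 and reached $2 million last year. This landscape, however, is about to change dramatically.
As agentic AI becomes able to autonomously identify software vulnerabilities and develop exploit tools (that is, find weaknesses and build hacking tools), vulnerability disclosure programs are being flooded with submissions, while organizations themselves are also finding more vulnerabilities than ever. This "oversupply" is changing the economic logic of the bounty industry, with far-reaching effects on both the organizations soliciting vulnerabilities and the researchers who make a living or supplement their income by bug hunting. More importantly, attackers are going through the same change.
Independent security researcher Joseph Thacker said: "I've submitted roughly three times as many bugs as at this time last year. I estimate that a company like Google will spend 2 to 10 times as much on bug rewards this year as it did last year." He added that tech giants can handle this pressure, but most companies cannot. "Right now people are submitting low- and medium-difficulty bugs; AI agents are finding really high-quality bugs. But next year fewer bugs will be submitted, because many will already have been found, and at that point some companies may raise their bounties again."
Thacker and other researchers admit that no one can accurately predict where this supply-and-demand dynamic will go in the long term. If AI is just as effective for attackers at vulnerability discovery and automated system scanning, the pressure on developers to release patches will increase further, possibly speeding up hard-won standard processes such as the "90-day disclosure window." Security researcher Himanshu Anand notes that the 90-day responsible disclosure window was designed for a world where "bug finders were scarce and exploit development was slow," that this world has ended, and that large language models (LLMs) have compressed the entire timeline.
The urgency of real-world attacks is growing. Research Google published earlier this month shows that it observed "prominent cybercrime threat actors" attempting to use a zero-day vulnerability developed with AI tools to bypass two-factor authentication on an open source system administration platform. John Hultquist, chief analyst at Google Threat Intelligence Group, said: "We all assumed this was already happening, and this is the first empirical evidence we have obtained." He warned that although nation-state threats are serious, the vast majority of what companies face is still criminal groups, and the impact of zero-days falling into their hands should not be underestimated.
For researchers who make a living by bug hunting, times are changing. The command-line tool Curl ended its bug bounty program in January after receiving a large volume of low-quality AI-generated reports, saying that "a bug bounty gives people too strong an incentive to maliciously create or make up 'problems,' causing overload and abuse." Linux founder Linus Torvalds also complained that the famed Linux security mailing list has become "almost unmanageable" because of the surge in the number of AI reports and their duplication. However, Curl founder Daniel Stenberg later said that submission quality has rebounded over the past few months: there are no more "AI slop reports," which have been replaced by high-quality reports at an unprecedented frequency, but this has also brought a heavy load.
Facing this shift, tech giants are beginning to adjust their strategies. At the end of April, Google announced a reform of its Chrome and Android vulnerability reward programs, lowering rewards for some vulnerabilities while raising rewards for other categories, stating that it wants to "ensure it rewards the most challenging and impactful vulnerabilities." One researcher pointed out that the top 10% of bug hunters with special skills can still earn rewards from big companies, but that while AI accelerates vulnerability discovery, ethical researchers must be heavily incentivized to pay attention to critical systems such as public infrastructure.
Practitioners generally believe that although AI has changed the industry's dynamics, human time is still required. Security expert Alex Zenla stresses that this is a new "human plus AI" model. Niels Provos, a longtime cybersecurity researcher, notes: "You cannot get out of this by patching alone; you must build infrastructure that makes as many vulnerabilities as possible irrelevant."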
English source:
A decade ago, programs to reward researchers for submitting software vulnerability findings were just starting to go mainstream. Vulnerability disclosure and “bug bounty” programs represented a paradigm shift years in the making—moving institutions from hostility and defensiveness about security research findings to acknowledgement that receiving input and releasing fixes was necessary. When Apple finally announced a bug bounty in 2016, the top reward was $200,000. It rose to $1 million in 2019 and $2 million last year. But all of that is about to change again.
As agentic AI models become more adept at both autonomously identifying software vulnerabilities and developing exploits for them—in other words, identifying weaknesses and creating hacking tools—vulnerability disclosure programs are being flooded just as organizations are finding more bugs than ever themselves. This abundance is changing the economics of bug bounties for both institutions soliciting submissions and researchers, some of whom currently make a living or supplement their income with bug hunting. And, crucially, the field is changing in lockstep for attackers, too.
“I’ve probably submitted three times more bugs than I did last year at this time—I would suspect that a company like Google is going to spend two to 10 times as much on bug payouts as they did last year,” says independent security researcher Joseph Thacker, who has developed methods and tools for using AI in his own bug hunting.
Tech giants, he adds, “can handle that pressure, but most companies can’t. Right now people will be submitting low- and medium-hanging fruit—agents are finding really good bugs. But next year there will be fewer bugs submitted because a lot of that will already have been found, and I think some companies will up their payouts again.”
Thacker and other researchers readily admit that no one knows exactly how the supply and demand dynamics will play out long term. And depending on how effective AI exploit discovery and automated system scanning are for attackers, developers may start to feel even more pressure to quickly release patches—potentially speeding longstanding and hard-won standards like 90-day disclosure deadlines (set windows between finding bugs and disclosing them publicly that often spur patch releases).
As security researcher Himanshu Anand wrote earlier this month, “The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world is gone. LLMs have compressed both timelines.”
Crucially, forced accountability by attackers could also motivate improvements in how quickly organizations deploy vulnerability fixes in their systems. Patch proliferation has always been a crucial but complex security challenge given that, without proper testing, installing new software at scale can have unintended consequences, including worst-case scenarios like outages.
The urgency of real-world attacks facilitated by AI seems to be growing, with both sophisticated and less-proficient actors looking to expand their capabilities and cut costs. In findings published earlier this month, for example, Google researchers said that they had observed “prominent cyber crime threat actors” (whom they declined to identify) attempting to exploit a zero-day—or previously unknown—vulnerability that they had developed using AI tools to bypass two-factor authentication on an open source system administration platform. Google quickly notified the developer and they issued a fix for the flaw. But the researchers said that incident was a crucial illustration of the changing bug-hunting landscape.
“We all assumed it was already happening, and this is our first evidence that it is happening,” John Hultquist, Google Threat Intelligence Group chief analyst, says of attackers using AI to discover novel vulnerabilities and create exploits.
“Nation state issues are very serious and very real, but criminal actors still make up the vast majority of incidents that organizations deal with and many of those incidents are quite serious,” Hultquist adds. “Zero-day use by criminal actors has been fairly limited, and the ones that do use them tend to be really successful, so I think we shouldn’t underestimate the impact of more criminals with a zero day in their hands.”
For researchers making money through bug hunting, though, times are changing. The command-line tool Curl ended its bug bounty program (run through third-party service HackerOne) in January after being inundated with low-quality submissions generated by AI.
“We have concluded the hard way that a bug bounty gives people too strong incentives to find and make up ‘problems’ in bad faith that cause overload and abuse,” the group wrote at the time, adding that “we still appreciate and value valid vulnerability reports.”
Last week, Linux creator and lead developer Linus Torvalds wrote that the famed Linux security mailing list has become “almost entirely unmanageable” because of high volume and duplicate AI bug reports.
In April, though, Daniel Stenberg, the founder and lead developer of Curl, said in a LinkedIn post that the quality of submissions had improved. “Over the last few months, we have stopped getting AI slop security reports in the curl project,” he wrote. “Instead we get an ever-increasing amount of really good security reports, almost all done with the help of AI. They're submitted in a never-before seen frequency and put us under serious load.”
And at the end of April, Google announced that it was overhauling its Vulnerability Reward Programs for Chrome and Android and lowering payouts for some classes of bugs, while increasing others.
“As the security research landscape evolves with AI, we're making changes in our programs to ensure we're rewarding the most challenging and impactful vulnerabilities in our products,” the company wrote.
“I think 90th percentile bug hunters with special skills will always be able to have findings and get payouts from big companies,” says Jonathan Dunn, a cardiologist who is also a bug bounty hunter. “But even with AI, we also need to heavily incentivize ethical researchers to find stuff on public infrastructure and other critical systems that otherwise may not get enough attention from defenders.”
For now, most organizations seem ready to throw every solution they can think of at the problem (and benefit) of accelerated bug discovery. “This is changing the dynamics of the bug-hunting industry, but it absolutely still requires human time,” says Alex Zenla, chief technology officer of cloud security firm Edera.
Earlier this month, Anthropic launched a HackerOne bug bounty for researchers to submit findings on the company's own systems and Claude AI models. Increasingly, though, some researchers argue that structural defenses are necessary to address accelerating vulnerability discovery. In other words, they're architecting digital solutions for different classes of vulnerabilities that eliminate them or make them significantly less exploitable in practice.
“You can’t patch your way out of this,” says longtime security engineer and researcher Niels Provos. “You need to build infrastructure that makes as many bugs as possible irrelevant.”