
Internet Bug Bounty Program Pauses Payouts — AI Is Finding Bugs Faster Than Anyone Can Fix Them

HackerOne's Internet Bug Bounty program, running since 2012 and backed by Facebook, GitHub, Shopify, and TikTok, has halted new submissions. The reason: AI-assisted vulnerability research is discovering bugs at a pace that overwhelms the open source community's ability to fix them. Previously, 80% of payouts went to discovery and 20% to remediation. Node.js was one of the first projects affected. Google and curl have already suspended their own AI-related bug bounty programs.

This is one of the most important stories this week and it has nothing to do with a product launch. AI just broke the economics of open source security. Discovery was always the bottleneck — find the bug, get paid, someone fixes it. Now AI can find bugs at industrial scale, but the humans who actually understand the code well enough to fix them have not scaled at all. The ratio flipped and the whole system seized up. This is the pattern that will repeat across every domain AI touches: the easy part gets automated, the hard part stays hard, and the bottleneck shifts to the thing nobody was investing in. For anyone building on open source — which is everyone — this should be alarming. Your dependencies are about to have more known vulnerabilities and fewer people paid to fix them. The real shift here is not "AI finds bugs." It is that AI-accelerated discovery without AI-accelerated remediation makes the ecosystem less secure, not more. Speed without judgment, again.