{"data":{"id":"d4a6c897-0bba-416d-b379-dbb348278902","title":"GitHub scales back bug bounties, reminds users security is their responsibility too","summary":"GitHub is replacing cash bounties with swag rewards for low-impact bug reports and asking researchers to stop submitting low-quality reports, because AI tools have flooded the platform with submissions that don't represent real security risks. The company clarified that many rejected reports describe scenarios where users must actively engage with malicious content (like cloning a malicious repository), which means the security boundary lies with the user's decision to trust that content rather than with GitHub's security controls.","solution":"GitHub requires that all AI-generated submissions must be reviewed and validated by a human first, a rule that applies to any tool used to help with bug hunting. The company also publishes a list of submission types that are ineligible for rewards, which it uses to screen out reports without proof of concept and theoretical attack scenarios that don't hold up under scrutiny.","labels":["security","industry"],"sourceUrl":"https://www.csoonline.com/article/4173224/github-scales-back-bug-bounties-reminds-users-security-is-their-responsibility-too.html","publishedAt":"2026-05-19T15:28:48.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GitHub","HackerOne","Google"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-19T15:28:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":null,"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}