Agent finds $100K bug

An AI agent from Grego AI discovered a critical vulnerability worth $100,000 through Immunefi’s bug‑bounty program, demonstrating real agent deployment in high‑stakes security testing. The report shows agents being used to find production vulnerabilities rather than just support tasks. (x.com)

An artificial intelligence agent built by Grego AI found a critical smart-contract bug that earned a $100,000 payout through Immunefi. (youtube.com) Immunefi described it as the first major payout on its platform attributed to an artificial intelligence security agent, and said the finding came through its bug-bounty process rather than a lab demo. (youtube.com)

A bug bounty is a standing cash reward for privately reporting a security flaw before criminals exploit it. On Immunefi, critical smart-contract reports are typically paid as a share of funds at risk, with program caps that can reach six or seven figures. (immunefi.com; immunefi.com)

Smart contracts are programs that hold and move crypto assets automatically, so a coding mistake can turn into a direct loss of funds. Immunefi’s severity system classifies bugs by impact, and loss of contract funds sits at the critical end of that scale. (immunefi.com)

Grego AI says its system maps a project’s codebase, traces execution paths, and flags attack paths in production contracts. The company says it logged 10 confirmed findings across live bug-bounty programs in one month and that 60% were rated high severity. (grego.ai)

The researcher behind Grego AI, who goes by Riptide, is also an established human bug hunter on Immunefi’s leaderboard. Immunefi’s video says Riptide has earned more than $800,000 across more than 20 programs including Arbitrum, Lido, and Balancer. (youtube.com)

Immunefi has been pushing artificial-intelligence tooling into onchain security as hacks keep mounting. The company says it protects more than $190 billion in user funds, works with more than 650 protocols, and operates with more than 60,000 security researchers in its ecosystem. (immunefi.com) Its research arm has also expanded from bounty reports into recurring hack-loss reports and studies on how security teams use large language models. One Immunefi research page lists a ChatGPT security report alongside monthly and quarterly crypto-loss tracking. (immunefi.com)

The company’s pitch is not that humans disappear, but that machines can scan more code paths than a person can by hand. Grego AI says it is building a system that reasons through contracts “the way an elite researcher does,” while Immunefi’s interview frames the workflow as human validation plus machine-scale search. (grego.ai; youtube.com)

For bug bounties, the immediate test is simple: whether agents keep producing valid reports on live programs and getting paid for them. This one did. (youtube.com)
