Agent Finds $100K Bug
- An AI agent reportedly discovered a real $100,000 critical vulnerability in production via Immunefi's bug bounty.
- Immunefi posted the finding publicly, showing the payout scale for high-severity exploit discoveries.
- The event highlights both the security upside and operational risk of running agentic systems in live environments (x.com).
A bug bounty platform says an AI agent found a production vulnerability worth a $100,000 payout. (x.com) Immunefi posted the claim publicly on X, saying the finding was a real critical bug in a live environment rather than a testnet or lab exercise. Immunefi runs bug bounties for crypto projects and says its network protects more than $190 billion across 650-plus protocols. (x.com) (immunefi.com)
Bug bounties pay outside researchers to report flaws privately so projects can patch them before attackers exploit them. On Immunefi, critical smart-contract rewards often scale with funds at risk, and some live programs list $100,000 minimums or $1 million maximums for top-severity reports. (immunefi.com 1) (immunefi.com 2)
The claim lands as security teams are trying to turn artificial intelligence from a coding assistant into an autonomous operator that can scan code, test assumptions, and file reports. Immunefi markets its own "security agents" and says they are trained on exploit, bug-report, and fix data from its platform. (immunefi.com 1) (immunefi.com 2)
Crypto bug bounties already pay at a scale rare in conventional software because a single smart-contract mistake can expose user funds directly. Immunefi told The Block in June 2024 that it had crossed $100 million in cumulative payouts after more than 3,000 paid reports. (theblock.co) (immunefi.com)
The public post does not identify the affected project, the exact vulnerability class, or whether a human researcher supervised the agent's work before submission. Immunefi's own workflow shows reports move through escalation, confirmation, payment, and closure before they are fully resolved. (x.com) (immunefisupport.zendesk.com)
That leaves two separate facts in view: a platform is publicly crediting an agent with a six-figure security find, and the evidence released so far is limited to the platform's statement.
Until Immunefi or the affected project publishes a write-up, the size of the bug is clearer than the technical details behind it. (x.com)