Debate Over Generative AI Use in Security and Bug Bounty Ecosystems
Security commentary highlighted how generative and agentic AI can accelerate attacker reconnaissance and highly tailored social engineering, while also creating defensive opportunities such as deploying AI-generated “decoy employees” (fake social profiles, CVs, and inboxes) to attract malicious profiling and phishing attempts and convert them into threat intelligence (e.g., identifying suspicious IPs/URLs and credential-stuffing activity). The same theme emphasized that AI’s impact is not purely additive for adversaries; defenders can use automation and deception to expose attacker infrastructure and tactics.
HackerOne faced public backlash from researchers who questioned whether bug bounty submissions and customer data were being used to train its new agentic pentesting offering (Agentic PTaaS) and its AI system (Hai). In response, CEO Kara Sprague stated that HackerOne does not train generative AI models—internally or via third parties—on researcher submissions or customer confidential data, and that third-party model providers are not permitted to retain or use such data for their own training; she positioned Hai as augmenting researchers by accelerating validation, fixes, and rewards rather than replacing them. A separate ZDNET piece was largely executive-level thought leadership on generative AI and critical thinking and did not add incident-level or technical security detail to the policy controversy.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Talos identifies threat actor UAT-9221 using VoidLink framework
Cisco Talos reported a newly identified threat actor, UAT-9221, operating with the VoidLink framework, and shared related malware hashes and detection names observed in Talos telemetry.
Talos publishes detection guidance for patched industrial gateway flaws
Cisco Talos recommended that defenders apply the vendor patches and use updated Snort rulesets to detect potential exploitation related to the Socomec DIRIS M-70 vulnerabilities.
Socomec patches DIRIS M-70 vulnerabilities after responsible disclosure
The six DIRIS M-70 vulnerabilities were responsibly disclosed to the vendor and patched, reducing the risk that attackers could exploit the industrial gateway to disrupt critical infrastructure, data centers, or healthcare operations.
Cisco Talos finds six flaws in Socomec DIRIS M-70 gateway
Cisco Talos researchers identified six vulnerabilities in the Socomec DIRIS M-70 industrial gateway by emulating the device's Modbus protocol handling thread and using fuzzing and debugging tools.
Bug bounty platforms clarify AI and data-use policies
Following the HackerOne controversy, other platforms including Intigriti and Bugcrowd clarified their policies, emphasizing researcher ownership of work and restricting third parties from training AI models on customer or researcher data.
HackerOne CEO says researcher and customer data is not used to train AI
In response to the controversy, CEO Kara Sprague publicly stated that HackerOne does not train generative AI models on researcher submissions or customer confidential data, and that third-party model providers cannot retain or use that data for their own training.
HackerOne launches agentic PTaaS offering and faces researcher backlash
HackerOne introduced its Agentic PTaaS offering, prompting concerns from security researchers that bug bounty submissions and related data might be used to train the company's AI systems.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI Data Use and Exposure Risks Across Bug Bounties, Consumer Apps, and LLM Training
HackerOne publicly addressed security researcher concerns that bug bounty submissions might be used to train its AI capabilities following the launch of its **Agentic PTaaS** offering. CEO Kara Sprague stated the company does **not** train generative AI models on researcher submissions or confidential customer data (internally or via third parties), describing its AI system (*Hai*) as intended to speed up outcomes like report validation and rewards rather than replace researchers; other bug bounty platforms (including **Intigriti** and **Bugcrowd**) similarly reiterated policies against using researcher data for AI model training. Separately, a consumer Android app, **“Video AI Art Generator & Maker,”** exposed user content after researchers found an unsecured Google Cloud storage bucket containing **8.27 million** media files, including roughly **2 million private user photos and videos**, along with AI-generated media; the developer (Codeway) reportedly secured the bucket after disclosure, and another Codeway app had previously been linked to a large-scale exposure due to backend misconfiguration. In parallel, reporting on academic research and litigation highlighted that LLMs can be induced to reproduce **near-verbatim copyrighted text** from training data, with courts scrutinizing both the legality of training on copyrighted works and the separate issue of storing pirated datasets; AI vendors argued that extraction techniques are impractical for typical users and that models learn patterns rather than retain exact copies, while researchers and legal experts warned that verbatim reproduction can constitute copyright infringement and raises broader governance and data-handling risk for AI deployments.
Mar 21, 2026
MIT AI Agent Index Warns of Opaque, Unsafe Agentic AI Deployments
Academic researchers associated with **MIT CSAIL** and partner institutions published findings from an *AI Agent Index* evaluating roughly **30 agentic AI systems**, warning that agentic AI is rapidly proliferating without consistent **standards, transparency, or safety disclosures**. Reporting highlighted that many agentic systems can take real actions online via integrations (e.g., email, browsers, enterprise workflows), yet “key aspects” of development and deployment remain **opaque**, making it difficult for researchers and policymakers to assess real-world risk. The coverage also noted emerging friction with existing web norms (e.g., agents ignoring `robots.txt`/the Robot Exclusion Protocol) and pointed to broader concern that agent autonomy is already spanning low- to high-consequence use cases, including **cyber espionage**. Separate reporting described **HackerOne** updating/clarifying its GenAI policy after backlash over its agentic offering (*Agentic PTaaS* / “Hai”), with the CEO stating the company **does not train generative AI models** on researcher submissions or customer confidential data and does not allow third-party model providers to retain or use such data for training. Additional commentary from Cisco Talos argued that while agentic AI can accelerate attacker operations (notably **targeted social engineering**), defenders can also use AI to create **decoy personas/honeypots** (e.g., fake employee profiles and inboxes) to collect threat intelligence and block malicious infrastructure. Other opinion/podcast-style content about generative AI and leadership did not add incident- or disclosure-specific security details tied to the agent transparency/safety findings.
Mar 21, 2026
Industry Debate and Reporting on Agentic AI in Cybersecurity
Security and technology commentary is increasingly focused on **agentic AI**—autonomous or semi-autonomous AI systems that can execute multi-step workflows—and what that means for both defenders and attackers. One perspective argues the market is moving past broad “autonomous SOC” promises toward **purpose-built AI agents** designed for narrowly scoped, measurable security tasks (e.g., phishing detection, incident simulation, SOC triage), emphasizing operational deployment and clear success metrics rather than demos. Separately, a vendor blog post claims Anthropic disclosed what it describes as the **first autonomous AI-driven cyberattack**, in which attackers allegedly impersonated a cybersecurity firm and used *Claude Code* and the **Model Context Protocol (MCP)** with a custom orchestration framework to decompose and execute multi-stage intrusion activity, with AI completing most tasks and humans intervening only at a few decision points. A ZDNET piece is largely a high-level discussion about generative AI’s impact on thinking and leadership, with only general references to “machine-speed cyber threats,” and does not materially add incident-level or technical detail to the agentic-AI-in-cybersecurity narrative.
Mar 21, 2026