
AI Pre-Submission Check for Bug Reports


We've added a new AI-powered check that reviews bug reports before they're submitted.

The Problem

Bug hunters frequently submit reports that don't meet a program's scope or guidelines. Even with AI triage, these non-applicable reports still distract program runners, who have to review and close each one. It becomes a constant frustration as they keep closing the same bugs over and over.

How It Works

Now, when a bug hunter submits a bug report in Bugbop, the AI reviews the submission against the program's scope and description. It picks up issues with scope, submission guidelines, or explicit exclusions. If the report has an issue, the bug hunter gets a warning like this:

Warning banner stating “Our AI flagged a potential issue with this report.” Below, explanatory text says the report is out of scope under the program guidelines because it describes a self-XSS vulnerability in a user bio WYSIWYG editor that requires significant user interaction. The notice explains that such self-XSS issues are explicitly listed as out of scope. At the bottom are two buttons: “Edit Report” and a highlighted “Submit Anyway.”
The AI scope check warns bug hunters when their report may not fit the program's guidelines.

For Program Managers

You can update your program's scope to explicitly exclude specific bug types or even specific bugs themselves (e.g. "We are aware of the self-XSS in search - please don't report it"). Then bug hunters attempting to submit that bug will see the warning before it can be submitted.

Currently, there's no enforcement - hunters can always choose to submit anyway. We never want to accidentally block a real bug! But we're recording which reports took this path. Over time, this data will help us understand patterns, potentially adjust how we handle repeat offenders, and improve the check's accuracy.

We've added a new "Internal notes" section to reports that can only be seen by staff of the Program. You can add internal notes there such as the status of internal investigations or links to internal task tracking systems. This section is the new home for the AI duplicate matching where we name and link the potential duplicate report for your convenience.

Screenshot of an “Internal Notes” section (not visible to bug hunters) showing a suspected duplicate issue titled “Missing Anti-Clickjacking Headers on https://loremipsum.com,” reported by bugbot three months ago. Below, an internal comment says the issue won’t be fixed immediately and has been added to the security backlog, with a linked Jira ticket at https://loremipsum.atlassian.net/browse/SEC-123.
Screenshot of the Internal Notes section showing suspected duplicate

Goodbye, Bugbot triage! Hello, AI Triage panel!

As part of this change, AI triage is no longer performed as the Bugbot user. It's now done directly by the platform and shown in a separate section of the bug report page. It also means one less email per report (i.e. Bugbot's comment right after the report was raised).

Screenshot of an "AI Triage" panel showing an automated security assessment. The severity is marked as "High," with an explanation that a reported SQL injection in a header search feature could allow unauthorized data access or modification. The report is marked "In Scope: Yes," noting that SQL injection is a typical in-scope web application vulnerability. A "Remediation" section lists recommended actions, including using parameterized queries, allowlist input validation, least-privilege database permissions, server-side logging and alerting, and adding automated tests. A disclaimer at the bottom notes the suggestions are AI-generated and should be reviewed carefully.
The new AI Triage panel with severity, scope assessment, and remediation suggestions.


Want smarter bug report handling?

AI scope checking is available on all Bugbop programs. Set up your program and let the AI filter out the noise.
