Turso Retires Bug Bounty Program, Citing AI Shift

Turso has announced the retirement of its bug bounty program, which had been active for almost a year. The initiative previously offered payouts of $1,000 for any bug demonstrated to lead to data corruption. The decision marks the end of a specific incentive structure designed to identify critical vulnerabilities in the company’s infrastructure.

The announcement was published on the Turso blog under the headline “The Wonders of AI: We Are Retiring Our Bug Bounty Program.” This title suggests a strategic pivot linked to the company’s use of artificial intelligence, although the provided source material does not detail the specific technical mechanisms or efficacy metrics driving this change.

For the duration of the program, researchers could submit reports of bugs that caused data corruption. Each verified report resulted in a fixed payment of $1,000. The program’s closure follows a period of nearly 12 months during which this payout structure was in place to encourage external security testing.

The retirement of the scheme was discussed on Hacker News, indicating interest from the developer and security community. The timing of the announcement coincides with the company’s broader narrative regarding the integration of AI, as implied by the blog post’s title.

No further details were provided regarding the specific role AI plays in replacing the need for external bug bounties. The announcement stands as a definitive end to the $1,000 per bug payout model, with Turso now moving forward under a new operational framework for security validation.