About Bugflation
Bugflation is an editorial and data project tracking public evidence that AI-assisted systems are changing the economics of vulnerability discovery.
The term
"Bugflation" describes an increase in discovered vulnerabilities caused by a collapse in discovery cost, not necessarily by software becoming worse. The term was coined by Mounir Idrassi, author and maintainer of VeraCrypt and founder of AM Crypto, after the CopyFail disclosure made the pattern concrete: an expert observation about a critical Linux kernel surface amplified by AI-assisted subsystem review.
What we publish
- Findings. Public AI-attributed vulnerabilities with source links, severity labels, and attribution strength.
- Systems. Profiles for AI agents, platforms, and governance layers that appear in the public record.
- Articles. Short analysis on discovery economics, triage pressure, patch capacity, and evidence quality.
- Methodology. The rules for what enters the ledger and how attribution is labeled.
What we are not
- We are not a coordinated-disclosure venue.
- We are not a bug-bounty platform.
- We do not publish unpatched exploit details.
- We do not infer AI usage when sources do not say it.
- We do not sell placement to AI vendors or security companies.
Relationship to AM Crypto
Bugflation is published alongside AM Crypto's security work, including the Crypto CVE Explorer. The Crypto CVE Explorer focuses on cryptography-related CVEs. Bugflation is broader and narrower at the same time: broader across software stacks, narrower in that it only tracks the AI-attributed discovery signal.
How to contribute
Send missing findings, corrections, and primary-source links to hello@bugflation.com. The most useful submission includes the advisory or release note, CVE ID, affected product, discovery credit, and any public write-up from the finder.
Site operation
The site is a static Astro build for bugflation.com. It does not need cookies or client-side analytics to work. If that changes, this page will be updated before deployment.