Turso shut down its bounty for data‑corruption bugs after a flood of low‑quality, often AI‑generated submissions overwhelmed maintainers. The move highlights the difficulty of incentivizing open‑source security work when large language models can cheaply produce noisy PRs, and it raises questions about sustainable bug‑bounty models for OSS projects.

Why Turso Retired Its $1,000 Data‑Corruption Bug Bounty

Turso announced the end of a year‑long program that paid $1,000 for any bug that could be demonstrated to corrupt data. The decision was not driven by a lack of bugs—rather, it was a response to an overwhelming volume of submissions that turned the bounty into a magnet for automated, low‑quality pull requests.

What the announcement claimed

A $1,000 reward for any reproducible data‑corruption bug.
The program was meant to complement Turso’s extensive testing stack (deterministic simulator, fuzzers, differential testing against SQLite, Antithesis runs, etc.).
Over the first year the bounty paid out to five contributors, including one who later joined the team.
The bounty is now being retired because “the slop machine” – essentially a wave of AI‑generated PRs – is flooding the repository, consuming maintainer time.

What is actually new

A concrete policy change – Turso will no longer accept monetary submissions for data‑corruption bugs. The public statement is the first formal documentation of this shift.
A vouch‑based gatekeeping system – Turso experimented with a lightweight “vouch” mechanism that automatically closed PRs suspected of being bot‑generated. The system slowed the flood but did not stop it.
A broader signal to the OSS community – By sharing the experience, Turso adds to a growing body of evidence that traditional bug‑bounty models may be ill‑suited for projects that are fully open and have low barriers to contribution.

Why the bounty became unsustainable

Factor	Impact on Turso	Why it matters
AI‑generated PRs	Hundreds of PRs per week, many with trivial or fabricated “bugs”.	Each PR requires a maintainer to triage, comment, and close, turning a $1,000 incentive into a multi‑hour cost.
Low signal‑to‑noise ratio	High‑value findings (the five paid bugs) were drowned out by noise.	The original intent – to surface edge‑case failures that escaped automated testing – was defeated.
Open contribution model	Anyone can submit a PR; there is no identity verification.	Financial reward creates a strong incentive for automated scripts to spam the repo.
Testing coverage gaps	Turso’s own fuzzers missed bugs that only appear in >1 GB databases or under specific fault‑injection patterns.	The bounty was a safety net for those gaps, but the net became a target for cheap exploitation.

A concrete example of the noise

One PR injected random bytes into the SQLite header and claimed corruption. After a maintainer pointed out the obviousness of the change, the author (or an LLM) replied with a wall of generated text, insisting on a bug. Another PR claimed to enable arbitrary SQL execution – essentially stating that a SQL database can run SQL – and attached a long, auto‑generated discussion.

These examples illustrate a new class of “bug‑bounty spam” where the cost of generating a PR is measured in seconds, while the cost of reviewing it is measured in minutes or hours.

Limitations of the current approach

No automated triage beyond simple heuristics: The vouch system could only block obvious bots; more sophisticated LLM‑generated submissions slipped through.
Financial incentive remains a double‑edged sword: While it attracted high‑skill contributors (e.g., the researcher who found >10 bugs in SQLite using formal methods), it also attracted opportunistic scripts.
Testing infrastructure is still incomplete: Even with a sophisticated simulator, Turso cannot guarantee coverage of all state‑space corners, especially for large databases or rare concurrency patterns.

What could work better?

Tiered rewards with proof‑of‑concept requirements – Instead of a flat $1,000, require a minimal reproducible test harness and a detailed impact analysis before any payment is considered.
Community‑driven vetting – Allow trusted contributors to flag submissions for deeper review, reducing maintainer load.
Rate‑limited bounty windows – Open the program only during specific periods, giving maintainers time to prepare and triage efficiently.
Non‑monetary incentives – Offer reputation points, early‑access features, or direct collaboration opportunities instead of cash.
Improved automated detection – Train a classifier on past spam PRs to automatically label low‑quality submissions before they hit the inbox.

Broader implications for open‑source security

Turso’s experience is not isolated. Projects like OpenSSL, Linux Kernel, and various Rust crates have reported similar challenges as LLMs become capable of generating plausible‑looking bug reports at scale. The community is beginning to explore alternatives:

Bug‑bounty platforms that require identity verification (e.g., HackerOne’s “private program” mode).
Bug‑bounty insurance pools that pay out only after a formal review by a panel of experts.
Crowdsourced fuzzing services that provide bug reports directly to the project without a public bounty.

These models aim to preserve the benefits of financial incentives—attracting skilled security researchers—while mitigating the spam problem.

Takeaway

Turso’s retirement of its $1,000 data‑corruption bounty underscores a tension between open contribution and monetary incentives in the age of AI‑generated code. The announcement serves as a cautionary tale: without robust triage and a carefully designed reward structure, even well‑intentioned bug‑bounty programs can become a drain on developer resources. Projects will need to experiment with hybrid incentives, stronger verification, and smarter automation to keep the signal strong and the noise manageable.

For more details on Turso’s testing stack, see the official Turso documentation and the open‑source repository on GitHub.

Why Turgo Retired Its $1,000 Data‑Corruption Bug Bounty