Bugcrowd Docs | Changelogs | Customer

VRT Update (1.18)

2026-03-09T00:00:00+00:00

Bugcrowd’s Vulnerability Rating Taxonomy (VRT) has been enhanced to support mappings to auto-suggest CVSS vectors for opt-in customers.

New Security Inbox- Speed, Automation, and AI

2026-02-02T00:00:00+00:00

We are excited to announce the launch of the new Security Inbox. Designed as a high-performance command center, it offers streamlined triage workflows, powerful customization features, and deeper platform efficiencies to accelerate your time to remediation.

What’s New

Saved Views & Pinning: Design your perfect workflow. Create, share, and pin custom filter sets as tabs for one-click access to your most critical work queues.
Focused View Layout: Maximize productivity with a split-screen interface. View full technical details side-by-side without losing your place (activities, brief, disclosures, etc.)
AI Triage Assistant: Leverage our secure, in-platform AI operational assistant to summarize complex findings, suggest remediation steps, and even generate Nuclei retest templates using natural language.
Automated Integration Triggers: Turn filters into actions. Link your Saved Views directly to Jira or other integrations to automate ticket creation based on your specific criteria.

Improved Capabilities

Advanced Search & Filtering: Find what you need in seconds. Search by Submission ID, Researcher, or Target with an enhanced filtering engine designed to help you focus on the vulnerabilities that matter most.
Modernized UI: Experience a refreshed, scannable design across the entire Inbox, specifically engineered to reduce cognitive load during high-volume triage sessions.

Ready to dive in?

To take full advantage of these new features and explore the updated workflows, please visit our Security Inbox Documentation.

Reward Cancellation Enhancement

2026-01-29T00:00:00+00:00

Enhancement: 8-Hour Reward Cancellation Window

We’ve added more flexibility to your reward process. Customers now have a 8-hour window to cancel a reward after it has been issued, allowing you to quickly correct errors before payments are finalized.

Grace Period: View a real-time countdown for “Processing” rewards.
Easy Voiding: Cancel rewards directly from the Reward History table.
Transparency: Select a reason for cancellation to keep researchers informed.
Instant Recovery: Cancelled funds are immediately returned to your reward pool.

After 8 hours, rewards are marked as Finalized and processed for payment.

For more details, view the updated Rewards Page Documentation.

New Core AI Platform Capabilities

2025-12-10T00:00:00+00:00

We are excited to announce the launch of the new Bugcrowd AI capabilities designed to accelerate remediation, streamline triage, and provide deeper insights into your security posture—all while maintaining strict data privacy and control.

1. AI Triage Assistant
Transform triage from a static checklist into a dynamic conversation. The AI Triage Assistant is a secure, in-platform operational assistant embedded directly within the Submission Inbox. It empowers security teams to investigate vulnerabilities using natural language without leaving their primary workflow.

Conversational Investigation: Ask questions to probe for details, such as “Explain this payload to me as if I were a junior developer” or “Model a potential attack chain for this flaw”.
Instant Efficiency: Generate on-demand artifacts, including remediation guidance and valid Nuclei templates for retesting.
Context-Aware: The assistant automatically references submission details, comments, and engagement metadata to ensure relevance and accuracy.

2. AI Analytics
Unlock deeper insights with natural language querying. AI Analytics empowers Organization Owners to analyze security program data through interactive dashboards and a new “Ask AI” interface.

Ask AI: Query your program data using natural language (e.g., “What is our average ‘Days to Accept’ compared to last quarter?”) to get instant answers without generating complex reports.
Interactive Dashboards: Visualize security posture with pre-defined reports where selecting data points highlights corresponding data across graphs.
Flexible Filtering: Filter dashboards by date range, program name, or engagement type, and export data to CSV or PDF.

3. AI Connect
The secure “front door” for your internal AI tools. AI Connect is a dedicated Model Context Protocol (MCP) server that securely streams your program data to your internal AI applications.

Bring Your Own Agent: Connect IDEs like Cursor or GitHub Copilot directly to your Bugcrowd program.
Real-Time Data: Query submission data instantly via a secure Server-Sent Events (SSE) stream—no need to build complex data pipelines or exports.
Developer-Ready: Enable your internal AI to merge vulnerability data with your codebases to generate context-aware remediation advice.

Security & Data Privacy

Centralized governance for Generative AI. We understand that data privacy is paramount. The Global Control of LLMs allows Organization Owners to centrally manage the use of GenAI features across their organization. Organization Owners can Enable or Disable all LLM-powered features (like AI Triage Assistant and Ask AI) with a single action.

The Bugcrowd AI Capabilities is built on a “Zero Training Policy.”

No Training: Your data is never used to train third-party models.
Inference Only: Data is used solely to generate the feature’s immediate output and is not retained.
Secure Infrastructure: All LLMs are hosted securely within Bugcrowd’s infrastructure.

For More Information and Documentation:

Request a Response Enhancements

2025-11-17T00:00:00+00:00

We have enhanced the Request a Response feature to foster stronger collaboration between customers and researchers, ensuring more timely and effective submission resolution.

What’s New

1. Automatic Expiration

Any open RaR will automatically expire after 10 business days if no response is provided by the party that the request was directed to.

To prevent expiration and maintain Researcher engagement, please ensure your team responds to or triages submissions with an active RaR within this 10-business-day window.
The expiration event is recorded in the submission’s Activity Log.

2. Increased Researcher Quota

Researchers can now have 2 open RaR at any given time (previously the limit was 1).
This allows for more collaboration and may result in a slight increase in RaR activity on your submissions.

For more details on how to use this functionality, see Responding to a Request a Response

Jira Priority Field Mapping

2025-09-30T00:00:00+00:00

The Bugcrowd Jira integration now offers the ability to configure the Submissions Priority field to map to a Jira field with enumerated values. In the Jira integration Field Mapping configuration page, administrators can map the submission priority field to the Jira priority field, severity field, or any other custom field that has a set of enumerated values.

After mapping the fields, administrators can map the field values between these two fields. This enhancement allows Jira tickets to reflect the correct priority specified in the submission, making it easier and faster for security teams to triage tickets.

VRT Update (1.17)

2025-08-21T00:00:00+00:00

Bugcrowd’s Vulnerability Rating Taxonomy (VRT) has been enhanced with an expansion covering a new top-level category for Cloud Security and several updates to Server Security Misconfigurations. These changes provide more granular classifications for common vulnerabilities found in modern, cloud-native environments and streamline existing server-side categories for improved clarity.

Bug Bounty Engagement Simulator Enhancements

2025-08-19T00:00:00+00:00

We’ve released major enhancements to the Bug Bounty Engagement Simulator to give you greater flexibility, more accurate forecasts, and deeper insights when planning your engagements.

What’s New

12-Month Forecasting: Simulate engagement outcomes over a full calendar year (previously limited to 6 months).
Expanded Input Options: Customize simulations with new configuration controls, including:
- ID verification
- Background checks
- Geographic restrictions
- NDA requirements
- Credentials setup
- Collaboration settings
- Disclosure settings
Submission Funnel View: See projected outcomes broken down by:
- Total submissions (all vulnerabilities, including duplicates)
- Valid submissions (unresolved + resolved + duplicates)
- Unique submissions (unresolved + resolved)
Relocated Tool: The simulator now lives in the Engagements Page for easier access from your program dashboard.

Benefits

Plan budgets and resources with 12 months of projections.
Model “what-if” scenarios to see how different requirements impact participation, findings, and costs.
Better prepare for triage workloads with the submission quality breakdown.

For detailed instructions, see Bug Bounty Engagement Simulator.

Reassign or Move Individual Submissions

2025-08-14T00:00:00+00:00

We’ve added new functionality that allows you to reassign individual submissions to the correct program and/or engagement — giving you more flexibility and control over managing findings.

What’s New

Reassign submissions: Move a submission to a different engagement in the same security program when it’s in a New or Triaged state.
Move submissions: Relocate a submission to a different program and engagement when it’s in a New or Triaged state.
Automatic researcher access: Researchers will automatically gain access to the new engagement (NDA signing process triggered if required).
Full activity tracking: All actions are logged in submission, destination program, and engagement activity feeds for full visibility.

Benefits

Correct misfiled submissions quickly without needing Bugcrowd support.
Ensure findings are managed in the correct scope and by the right teams.
Maintain accurate reporting and program organization.

For more details on how to use this functionality, see Managing Submission Location: Reassign or Move

Streamlined Navigation, Modernized Look

2025-08-12T00:00:00+00:00

We’ve streamlined navigation and refreshed the UI to make managing your programs and engagements faster and easier.

Program-Level Changes

New Engagement Page: All engagements for a program now live on a dedicated page. Includes Engagement Simulator and Archiving tools.
Credentials Page: Formerly “Researchers,” now clearly labeled for credential viewing and management.
Program Settings: Renamed from “Settings” for clarity; Low Reward Pool Threshold now lives in the Reward Pool section.

Engagement-Level Changes

Left-Side Navigation: Easier access to all engagement pages.
Engagement Switcher: Jump between active engagements quickly.

UI & Experience Updates

Faster navigation between program and engagement layers.
New breadcrumbs for easy orientation.
Refined page titles for clarity.
Modern visual design with refreshed colors, improved readability, and Dark Mode support.
Leaderboard Upgrade: Cleaner layout, country filter, top 100 view, and quick time-range toggles.

For more details, please see the following documentation: