{"description":"bug-bot-bench scores every CVE in the National Vulnerability Database that is publicly attributed to an AI-driven vulnerability-discovery system. Attribution is done by matching CVE reference URLs (weight 1.0), description keywords (weight 0.6), and NVD credits-field values (weight 1.2) against a per-hunter pattern set. A CVE is admitted at a total score of at least 0.6, a threshold that a single description-keyword match (the lowest-weighted signal) reaches on its own. Roster, scoring weights, and refresh cadence are public — see this endpoint.","sources":[{"name":"NVD CVE API 2.0","url":"https://services.nvd.nist.gov/rest/json/cves/2.0","refresh":"every 30 min (keyword sweep), every 2 h (recent-window)"},{"name":"GitHub Security Advisories","url":"https://api.github.com/advisories","refresh":"every 4 h"},{"name":"OSV.dev","url":"https://api.osv.dev/v1/vulns/{id}","refresh":"on-demand"}],"min_attribution_score":0.6,"weights":{"reference_url":1,"description_keyword":0.6,"credit_field":1.2},"hunters":[{"slug":"aisle","name":"AISLE","operator":"AISLE Security","homepage":"https://aisle.dev","first_active":"2025-09-01","domain_patterns":["aisle.dev","blog.aisle.dev"],"keyword_patterns":["AISLE","AI Software Logic Engine"]},{"slug":"atlantis","name":"Team Atlantis","operator":"DARPA AIxCC finalist","homepage":"https://team-atlantis.org","first_active":"2024-08-01","domain_patterns":["team-atlantis.org","aixcc.darpa.mil","aicyberchallenge.com"],"keyword_patterns":["Team Atlantis","AIxCC","AI Cyber Challenge"]},{"slug":"auto-bounty","name":"Auto-Bounty","operator":"Auto-Bounty collective","homepage":"https://autobounty.io","first_active":"2025-10-01","domain_patterns":["autobounty.io","blog.autobounty.io"],"keyword_patterns":["Auto-Bounty","AutoBounty","Auto Bounty agent"]},{"slug":"big-sleep","name":"Big Sleep","operator":"Google DeepMind + Project 
Zero","homepage":"https://deepmind.google/research/projects/big-sleep/","first_active":"2024-11-01","domain_patterns":["googleprojectzero.blogspot.com","deepmind.google/research/projects/big-sleep","security.googleblog.com/big-sleep","bigsleep.googleblog.com"],"keyword_patterns":["Big Sleep","BigSleep","Big-Sleep","Project Zero AI","Google DeepMind vulnerability"]},{"slug":"daybreak","name":"Daybreak (GPT-5.5-Cyber)","operator":"OpenAI","homepage":"https://openai.com/index/daybreak/","first_active":"2026-05-10","domain_patterns":["openai.com/security","openai.com/index/daybreak","openai.com/blog/daybreak"],"keyword_patterns":["Daybreak","GPT-5.5-Cyber","OpenAI Daybreak"]},{"slug":"metasploit-ai","name":"Metasploit AI","operator":"Rapid7 (open-source extension)","homepage":"https://github.com/rapid7/metasploit-ai","first_active":"2025-04-01","domain_patterns":["github.com/rapid7/metasploit-ai","rapid7.com/blog/post/metasploit-ai"],"keyword_patterns":["Metasploit AI","Metasploit-AI"]},{"slug":"naptime","name":"Naptime","operator":"Google Project Zero (legacy)","homepage":"https://googleprojectzero.blogspot.com/2024/06/project-naptime.html","first_active":"2024-06-01","domain_patterns":["googleprojectzero.blogspot.com/2024","googleprojectzero.blogspot.com/2025/01","googleprojectzero.blogspot.com/2025/02"],"keyword_patterns":["Naptime","Project Naptime"]},{"slug":"pentestgpt","name":"PentestGPT","operator":"Open Source (gpt-pentest collective)","homepage":"https://github.com/GreyDGL/PentestGPT","first_active":"2024-03-01","domain_patterns":["github.com/GreyDGL/PentestGPT","pentestgpt.io"],"keyword_patterns":["PentestGPT","Pentest GPT","AutoPentest-GPT"]},{"slug":"xbow","name":"XBOW","operator":"XBOW Engineering","homepage":"https://xbow.com","first_active":"2025-06-01","domain_patterns":["xbow.com","hackerone.com/xbow","blog.xbow.com"],"keyword_patterns":["XBOW","X-BOW","XBOW autonomous"]},{"slug":"zeropath","name":"ZeroPath","operator":"ZeroPath, 
Inc.","homepage":"https://zeropath.com","first_active":"2025-01-15","domain_patterns":["zeropath.com","blog.zeropath.com"],"keyword_patterns":["ZeroPath","Zero Path AI","ZeroPath scanner"]}],"last_fetches":[{"source":"keyword-sweep","started_at":"2026-06-02T19:00:00.458Z","status":"ok","finished_at":"2026-06-02T19:03:17.518Z","rows_in":10,"rows_upserted":5,"error":null},{"source":"ghsa-sync","started_at":"2026-06-02T16:15:00.312Z","status":"error","finished_at":"2026-06-02T16:15:00.356Z","rows_in":0,"rows_upserted":0,"error":"GHSA HTTP 403: {\"message\":\"API rate limit exceeded for 209.38.106.67. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)\",\"documentation_url\":\"h"},{"source":"recent-window","started_at":"2026-06-02T16:00:00.281Z","status":"ok","finished_at":"2026-06-02T16:01:58.990Z","rows_in":1552,"rows_upserted":0,"error":null},{"source":"daily-snapshot","started_at":"2026-06-02T00:05:18.337Z","status":"ok","finished_at":"2026-06-02T00:07:59.484Z","rows_in":10,"rows_upserted":10,"error":null}],"counts":{"cves":8,"attributions":8}}