AI-generated reports broke bug bounty. Programs are closing. Reputations are tanking. Rapax is the anti-slop workflow that forces verification before you submit — every step, every finding.
Programs are killing themselves with floods of AI-generated noise. Triagers can't keep up. Hunters with real findings get buried. The whole pipeline is rotting.
Daniel Stenberg called it: an "AI slop avalanche." Reports that look real, sound real, and waste maintainers' time at scale. The program closed.
Same story. Volunteer security teams burning hours rejecting hallucinated CVEs. Open-source projects are pulling the plug across the board.
HackerOne, Bugcrowd, and Intigriti are tightening rules and penalizing low-quality submissions. Your reputation score now decides what you can even see.
You wrote the report yourself, ran it through your own pipeline, verified the impact — and still get triaged behind a mountain of generated junk. Signal is dying.
Rapax doesn't generate reports for you. It blocks you from submitting until each finding has been scoped, deduped, evidenced, and proven.
Every command, every payload, every URL is checked against the program scope before it runs. Out-of-scope = blocked. No accidents.
Report drafts run through a hallucination detector before submission. Unverifiable claims, fake CVEs, and AI-tells are marked and gated.
Screenshots, requests, responses, payloads — captured automatically with cryptographic timestamps. Nothing in your report that isn't in the vault.
Local index of your past findings + public disclosures. Catches dupes before you waste a submission slot or your reputation.
Forces a clean second run from a fresh state. If you can't reproduce it on demand, the report doesn't go out.
CVSS scoring with prompts that catch the inflation patterns triagers downgrade. No more "Critical" reports that come back as Low.
Templates that match each platform's house style. Fields you actually have evidence for. Nothing more, nothing padded.
Use your own Anthropic, OpenAI, or local Ollama key. Models suggest, never decide. You stay the author of every word that leaves the tool.
Tracks every report you've sent across every platform. Status, payouts, response times, dupe rates — your hunter analytics in one place.
Monitors your signal score on each platform. Flags when a recent submission is dragging you down so you can course-correct fast.
"Built by bug bounty hunters, for bug bounty hunters. We got tired of being lumped in with the slop pile — so we built the workflow that keeps us out of it." — The Rapax team
One-time lifetime deal for the first 200. After that, monthly or annual. Free tier always exists.
Beta opens to waitlist members ahead of public launch. Lifetime slots are first-come from this list.
No spam. One launch email, then you decide. Unsubscribe in one click.