Two security cultures used to coexist quietly. AI just broke both of them in the same quarter — and if you ship with Claude, Cursor, or Copilot, you are standing exactly where the fallout lands. This isn't a researcher's problem. It's a shipping-velocity problem. Yours. What the two cultures actually were For twenty years the security world ran on two parallel economies. Disclosure culture. A researcher finds a bug, tells the vendor, the vendor patches, a CVE goes out, everyone learns. Slow, gentlemanly, reputation-driven. It worked because the supply of researchers was small and the currency was credit, not cash. Bounty culture. A platform pays researchers per bug. Supply scales with the budget. Bugs are graded. High-severity, high payout. Both cultures shared one quiet assumption: the cost of finding a bug is roughly equal to the value of finding it. Researchers spent weeks for credit. Bounty rates matched effort. The economics balanced. AI just broke that assumption.…