🤖 AI Summary
This work addresses the growing asymmetry that large language models (LLMs) introduce into vulnerability discovery: they accelerate the finding of candidate bugs while the critical bottlenecks on the defensive side, particularly validation, patching, and disclosure, go largely unexamined. From a vulnerability-economics perspective, we argue that repair throughput has become the limiting factor, driven not by the volume of zero-day vulnerabilities but by the evidentiary richness of candidate reports and maintainers' capacity to triage them. We examine how LLM-assisted techniques lower the cost of generating candidate vulnerabilities, interpreting code, constructing proofs-of-concept, and preparing reports, alongside data from bug bounty programs and market-based vulnerability pricing. Drawing on public data from Anthropic's Mythos Preview and Mozilla Firefox collaborations, we show the challenges that surging vulnerability reports and misaligned maintainer resources pose in open-source ecosystems, and argue that scarce capacity must shift toward maintainer review and release work.
📝 Abstract
Recent demonstrations of large language models producing candidate and confirmed vulnerabilities in production software have renewed the narrative that AI will reshape offensive and defensive security. Headlines emphasize capability; they rarely interrogate costs and incentives. This paper examines LLM-driven vulnerability discovery through a bugonomics lens: the operational economics of producing, proving, prioritizing, and fixing security-relevant defects. Historically, the most visible high-end bugonomics was offense-priced, because production-grade zero-days and exploit chains were expensive specialist outputs sold to governments, brokers, and offensive vendors. Defender-side bugonomics already existed in vulnerability research, reward programs, and vendor remediation work; LLM-assisted systems change its scale and distribution. They make candidate generation, code comprehension, harness construction, proof-of-impact drafting, and report preparation cheaper at codebase scale. Exploits and proofs of concept remain important, but in defender workflows they primarily prove impact, guide prioritization, and justify remediation. The resulting bottleneck is not only finding more bugs; it is absorbing, validating, triaging, patching, and shipping a larger stream of reports. Using public data from Anthropic's Mythos Preview and Mozilla Firefox collaborations, along with public exploit-market price anchors and vulnerability reward programs, we argue that the near-term shift is not simply more zero-days. It is a move toward broader defender remediation throughput: low-signal candidates become cheaper, evidence-rich reports that justify remediation become more important, and scarce capacity shifts toward maintainer review and release work. The effect is acute in open source, where LLM-assisted discovery can increase report volume while maintainer-side validation, triage, funding, and release capacity may not scale.