The main differentiator to HackerOne is price and lower commitment (i.e. contracts). It's also a lot simpler in the UI as it's not chasing the big end of town and uses AI in a more integrated way. That said, Bugbop isn’t trying to replace HackerOne. It’s built for teams that won’t run a bug bounty otherwise.
Bypassing can be a problem but paying people overseas (and KYC) can be quite annoying. There's also less credibility without a 3rd party proving the bounties exist.
"Someone can copy you" was never going to be a moat. There's a lot more to a company than just the technical build. I'll just have to stay better than them :-)
I've priced Bugbop very competitively and making it free will be difficult with the payment processing fees.
Indisputable USP? That's hard. I think Bugbop is fairly unique in that it's a passion project of a long-time bug bounty program runner. I love this stuff and I'm happy to have a founder-to-founder calls about what bug bounty looks like in practice.
Or someone else cloning the same thing as Bugbop with AI and undercutting it or making it free?
What is the actual indisputable USP of your solution?