Quick answer: Bot-submitted bug reports can swamp triage. A combination of session-bound submission, rate limits, and content fingerprinting filters bots without blocking real reports.
When bug submissions spike 100x overnight, it's bots. Designing for the spike preserves your triage capacity.
Session-bound submissions
Each report ties to a game session token. Bots without a token are rejected at the SDK layer.
Per-session rate limit
5 reports per session max. Real players don't exceed; bots running the form scripts do.
Content fingerprinting
Hash the report body. Identical hashes within an hour = likely spam. Group; one entry in the dashboard.
Honeypot fields
Invisible CSS-hidden field in the form. Bots fill; humans don't. Filled = spam.
“Bot mitigation is layered. No single technique catches everything; the combination does.”
Monitor for sudden spikes. Spikes are bots more often than viral interest; configure alerts on report rate growth.