Jobert Abma Profile
Jobert Abma

@jobertabma

Followers
43K
Following
2K
Media
496
Statuses
15K

I tweet about security and my experience as a hacker. Co-founder of HackerOne (@Hacker0x01).

San Francisco, CA
Joined May 2009
@jobertabma
Jobert Abma
7 years
Hackers, I've built a small game that helps improve your XSS skills! It dynamically generates (increasingly more difficult) levels for you to exploit XSS vulnerabilities. No level is the same. Let me know what you think. Happy hacking! https://t.co/bch4wIOAO4 #TogetherWeHitHarder
81
1K
3K
@jobertabma
Jobert Abma
4 months
I’m doing an experiment: trying to figure out how much energy certain behaviors cost / give in my life. Next up is social media, so I’m going to take a break until 2026. GLHF!
6
4
65
@jobertabma
Jobert Abma
4 months
What is the equivalent of phishing of AI agents? Lishing? Processes that involve humans can be tested using social engineering attacks, like phishing. Companies will build more AI agents and reduce the Human-in-The-Loop (HiTL). When you automate parts of a process using AI,
4
1
13
@jobertabma
Jobert Abma
4 months
Secure AI by Design at @Hacker0x01:
3
7
28
@Hack_All_Things
Roy Davis
5 months
I am honored and humbled to have received this lifetime achievement award today from @Hacker0x01. When I began working with the bug bounty team at @salesforce in 2016, I was a total noob. I quickly identified an unknown passion for it, and have never looked back. I continued
25
4
289
@jobertabma
Jobert Abma
5 months
Great question! Here is @Hacker0x01’s approach in case people are wondering: https://t.co/7hoMKZtyJa. TL;DR: we don’t access reports outside of user-level permissions and we don’t improve GenAI models based on conversations / sensitive data.
@Jhaddix
JS0N Haddix
5 months
Are bug bounty platforms using your submission data and methodology to train AI models for their profit?
1
3
41
@RonMasas
Ron Masas
5 months
If you can’t code, you will never find vulnerabilities. Or to be fair, you’ll never find the ones that matter. You’ll hit a ceiling in vulnerability research. Sure, you can rack up CTF points, follow step-by-step blog posts, land a bug bounty once in a while, or even go viral on
10
27
156
@jobertabma
Jobert Abma
5 months
Hey hackers! We're running a beta for Hai for Hackers, our AI security agent. If you're interested, please reply with your HackerOne username (we will probably limit to ~100 hackers for now). After it's been enabled, you can start using it by clicking the Hai button in the top
297
37
245
@jobertabma
Jobert Abma
5 months
If you’re left-brained, you’ll see a path traversal. If you’re right-brained, you’ll see a SQLi.
32
21
240
@AnthropicAI
Anthropic
6 months
We're launching a new bug bounty initiative to stress-test an updated version of our anti-jailbreaking system before it’s publicly deployed. The program, in partnership with @Hacker0x01, runs through Sunday.
61
88
1K
@Arl_rose
Ariel Garcia
6 months
The @hacker0x01 ambassador World Cup comes to an end. After 1 year, 42 teams, 766 hackers, and 6 rounds (including two in person), we conclude what to me is a passion project I always envisioned and I'm very happy to make a reality. Thanks to everyone who made it possible.
8
15
134
@YoeriVegt
Yoeri Vegt
6 months
Yesterday, the Dutch @Hacker0x01 Ambassador World Cup team came together again, this time for the AWC finals. Another great day of hacking, teamwork, and good vibes all around. Thanks everyone for joining again! #togetherwehitharder #awcfinals
2
3
36
@bgurley
Bill Gurley
7 months
Watching MCP gain momentum reminds me of early API adoption—huge potential but massive risk if you’re not careful. @Hacker0x01 bug bounty programs and AI red teaming aren’t nice-to-haves anymore. They bring in external perspectives, which is what you need when your system opens
1
19
184
@jobertabma
Jobert Abma
7 months
.@CaidoIO and @Hacker0x01 are collaborating on a plugin that streamlines the H1 submission process. We’re envisioning a plugin that gives a simple UI to combine evidence that serves as the foundation of a report and removes most of the writing burden. Link in the comments.
2
8
82
@jobertabma
Jobert Abma
8 months
.@HackerOne’s Hai can now visualize (complex) proof of concepts and it's magical! Understanding security vulnerabilities can be complicated, especially when reproducing it involves multiple accounts, many steps, or different systems — and this new Hai capability makes it so much
9
27
172
@jobertabma
Jobert Abma
8 months
H1 is adding a package containing a banana, Saratoga water, and a clock with the alarm set to 3:59a to its bug bounty rewards.
1
0
34
@jobertabma
Jobert Abma
8 months
“I’ve put a lot of claude into it” > “I’ve put a lot of thought into it”
1
1
26
@janleike
Jan Leike
9 months
Results of our jailbreaking challenge: After 5 days, >300,000 messages, and est. 3,700 collective hours our system got broken. In the end 4 users passed all levels, 1 found a universal jailbreak. We’re paying $55k in total to the winners. Thanks to everyone who participated!
@AnthropicAI
Anthropic
9 months
New Anthropic research: Constitutional Classifiers to defend against universal jailbreaks. We’re releasing a paper along with a demo where we challenge you to jailbreak the system.
103
125
2K
@Hacker0x01
HackerOne
9 months
What a way to finish the Elite Eight round! 💪 Each of these amazing teams' incredible work over the last 11 days is something to be extremely proud of. On behalf of the entire HackerOne team and our #AmbassadorWorldCup partners @ASWatsonGroup and @okx--- THANK YOU! 🙌 Stay
8
18
124