Michiel Prins
@michielprins
Followers: 9K
Following: 2K
Media: 497
Statuses: 10K
Hacker. 👨‍💻 Runner. 🏃‍♂️ Empowering the world to build a safer internet. ✨ Co-founder @Hacker0x01. 🏢
San Francisco
Joined May 2009
Alongside this, we’re introducing HackerOne Code to help developers build securely from the start, and Agentic Pentesting as a Service (PtaaS), continuous, AI-driven validation with human insight at the core. More on Hai and the agentic AI system:
These agents aren’t here to replace human expertise; they’re built to amplify it. From structuring reports and improving signal to surfacing critical risks and adding context, they make collaboration between researchers and security teams faster, more effective—and never snooze😴
Big launch day here at @Hacker0x01! Hai is getting promoted from its position as AI assistant to the manager of a team of AI agents, each with focus and purpose.
CISOs are stewards of business risk and strategy—and that includes AI. Building trust in AI means treating security as a design principle, integrating testing into development, and engaging researchers early. Read more from HackerOne CEO Kara Sprague, including 5 things she
A great “XBOW is not a bug hunter” response from @Hacker0x01 and @michielprins to better handle the leaderboard situations of “collectives” vs individual bug hunters 👍
🔍 We're entering a new era of vulnerability discovery, where AI and human ingenuity come together to unlock new possibilities. Over the past five months, AI hasn’t replaced researchers—it’s amplified them. Together, we’re achieving new levels of speed, scale, and precision in
Most well deserved!
I am honored and humbled to have received this lifetime achievement award today from @Hacker0x01 . When I began working with the bug bounty team at @salesforce in 2016, I was a total noob. I quickly identified an unknown passion for it, and have never looked back. I continued
We're launching a new bug bounty initiative to stress-test an updated version of our anti-jailbreaking system before it’s publicly deployed. The program, in partnership with @Hacker0x01, runs through Sunday.
.@CaidoIO and @Hacker0x01 are collaborating on a plugin that streamlines the H1 submission process. We’re envisioning a plugin that gives a simple UI to combine evidence that serves as the foundation of a report and removes most of the writing burden. Link in the comments.
I am curious how much MW @OpenAI has burned on Studio Ghibli
We hope it serves as an industry example for others to follow and design GenAI capabilities while upholding a high bar for security, safety, and privacy.
It should be no surprise that HackerOne has designed Hai from the ground up following strong security, safety, and privacy principles. We explain our security-first architecture in this new blog post and published new detailed product documentation.
This slows down AI adoption in the enterprise, forcing security, legal, and compliance teams to scrutinize AI deployments in detail to ensure they're A-OK.
There is a lot of FUD around Gen AI tools and features within enterprise SaaS. This FUD isn't entirely misguided because, unfortunately, there are players in the AI space who play a little fast and loose with rules, data confidentiality, and privacy.
.@HackerOne’s Hai can now visualize (complex) proof of concepts and it's magical! Understanding security vulnerabilities can be complicated, especially when reproducing it involves multiple accounts, many steps, or different systems — and this new Hai capability makes it so much
$70K for an IDOR? Yep, it's possible! Snap is running a lucrative campaign in their public bug bounty program honing in on IDOR vulnerabilities. A crit can net you $70K! https://t.co/gyqhGkN66K
First came pre-training scaling; then came inference-time scaling. Now comes judge-time scaling. Despite progress in AI through scaled inference-time compute, AI remains unreliable in open-ended, non-verifiable domains. The key limitation is not generation—it is evaluation.
Results of our jailbreaking challenge: After 5 days, >300,000 messages, and est. 3,700 collective hours our system got broken. In the end 4 users passed all levels, 1 found a universal jailbreak. We’re paying $55k in total to the winners. Thanks to everyone who participated!
New Anthropic research: Constitutional Classifiers to defend against universal jailbreaks. We’re releasing a paper along with a demo where we challenge you to jailbreak the system.