28 Feb 2024

HackerOne, the pioneer in human-powered security, announced new AI augmentations that integrate the company’s human intelligence with the transformative power of artificial intelligence.

HackerOne has launched the beta version of its GenAI co-pilot, Hai, that will help customers interpret their vulnerability reports and provide additional insights and advice on remediation. HackerOne has also accelerated its AI red teaming offering with customer and hacker growth in the AI space.

HackerOne’s triage workflow

Hai introduces GenAI capabilities into the HackerOne Platform. The co-pilot can transform natural language into a query, provide additional relevant context on vulnerability reports, and use platform data to provide recommendations.

Hai has become an integral part of HackerOne’s triage workflow, helping the industry’s largest in-house analyst team push boundaries and continue to set world-class response times. Hai’s benefits for customers include:

  • Synthesising Complex Vulnerability Data: Whether faced with intricate reports or technical details, Hai provides easily understandable explanations of vulnerabilities, enhancing comprehension and analysis.
  • Generating Powerful Nuclei Templates with Ease: Enhance Nuclei scanner consistency by asking Hai to craft customised templates, automating vulnerability detection and preventing regressions.
  • Accessing Tailored Remediation Advice: Determine the best approach to fixing a vulnerability by analysing it with Hai and receiving personalised remediation advice.
  • Improving Hacker Communication: Ask Hai to craft elegant and succinct messages to hackers on your behalf, enhancing collaboration.

HackerOne program

“Hai has significantly reduced the time my team spends sifting through bug reports or creating responses, allowing us to focus more on resolving and communicating vulnerabilities quickly,” said Alexander Hagenah, Head of Cyber Controls at Six Group.

“Utilising Hai for translating complex vulnerability findings into remediation advice has been a game changer for us,” said the Vice President of Cybersecurity at a Fortune 500 Real Estate Services and Investment Firm. “It bridges the gap between our technical reports and our internal audience, enhancing the value of our HackerOne program by making actionable insights accessible to everyone.”

HackerOne’s community

Concurrently, HackerOne has expanded its AI red teaming offering for customers who are either in the AI space or are deploying GenAI tools in their own products and services. HackerOne’s community of curated hackers who specialise in exploring the possibilities and security issues in GenAI are helping customers develop their tools and features safely and securely by stress-testing their deployments. 

HackerOne offers both AI safety and AI security red teaming exercises, which can take the form of pentest engagements, security assessments, or bug bounty programs. Since January 2023, over 200 unique hackers have submitted over 1200 safety and security vulnerabilities affecting AI deployments, with over $230,000 paid out in bounties.

HackerOne’s latest AI innovations

"We knew we wanted to do adversarial testing on the product, and a security expert on our team suggested a bug bounty-style program,” said Ilana Arbisser, Technical Lead, AI Safety at Snap Inc. “From there, we devised the idea to use a 'Capture the Flag' (CTF) style exercise that would incentivise researchers to look for our specific areas of concern. Capture the Flag exercises are a common cybersecurity exercise, and a CTF was used to test large language models (LLMs) at DEFCON. We hadn't seen this applied to testing text-to-image models but thought it could be effective."

“HackerOne’s latest AI innovations are only scratching the surface of what’s possible with this technology,” said Michiel Prins, Co-Founder and Senior Director of Product Development at HackerOne. “But AI solutions and deployments can’t be successful without human input. AI red teaming uses human creativity to strengthen and improve this evolving technology. By combining human ingenuity with the productivity of GenAI, we can help our company and our customers unlock the full potential of AI.”

Future iterations of Hai

HackerOne customers can now test drive Hai using the platform by navigating to the beta features page and enabling Hai. Future iterations of Hai will be made available to hackers also.

To find out more about AI red teaming, register for the upcoming "Ask Me Anything" (AMA) session with three ethical hackers specialising in AI security and safety.