HackerOne - Experts & Thought Leaders

Latest HackerOne news & announcements

HackerOne boosts security with Hai updates

HackerOne, the cybersecurity company dedicated to eliminating vulnerabilities through continuous testing, announced updates to its intelligent copilot Hai. Hai’s new program insights synthesise data across a customer’s programs, giving them instant understanding and actionable summaries of performance, results, and trends. Now more seamlessly integrated into workflows, Hai continues to help customers save time by making it easy to understand comprehensive program data, improve team communication, and automate tasks for efficient vulnerability management. Customers are also using Hai more than ever, with adoption surging nearly 500% since April.

Impact of security program

“Speed is critical for remediation, yet a lot of vulnerability management tasks are still manual and disjointed. Context gets lost, and security teams waste time searching for the information they need to make strategic decisions,” said Michiel Prins, Co-founder and Senior Director of Product Management at HackerOne. “Hai’s program insights solve this by giving customers instant visibility into the right trends so they take action on what will make the biggest impact for their security program.”

Human-in-the-loop approach

Hai’s human-in-the-loop approach enables customers to take faster strategic action while eliminating repetitive, manual tasks during vulnerability management. With Hai’s support, customers:

- Strengthen their understanding of program data. Hai can summarise lengthy vulnerability reports into actionable takeaways. Program insights offer at-a-glance visuals to quickly benchmark performance against platform data or detect patterns like reoccurring security risks for more consistent remediation strategies.
- Improve communication and collaboration across stakeholders. Hai offers writing assistance to help customers craft clear and concise messages to security researchers and internal teams, including language translations, grammar, and tone suggestions.
- Accelerate remediation with contextual suggestions and custom Hai “Plays.” Hai automatically adapts to offer relevant follow-up suggestions within existing workflows for deeper insights. Hai Plays also eliminates repetitive tasks by allowing teams to build custom workflows informed by their organisation’s unique domain knowledge and business processes.
- Automate workflows across the software development lifecycle. Hai can generate custom vulnerability scanner templates, including Nuclei and Burp Suite, to improve scanner consistency. Hai also integrates with HackerOne Automations for dynamic automation that adapts to changing conditions, reducing manual program work.

Cybersecurity posture

“When it comes to vulnerability management, we’re always looking for ways to make the process more efficient,” said Clara Andress, Bug Bounty Operations Manager at Zoom. “Hai gives us actionable suggestions that have eliminated busy work, so we can complete tasks faster and think strategically about continuously improving our overall cybersecurity posture.”

Hai helps customers get the most out of the HackerOne Platform, which offers bug bounty programs, vulnerability disclosure programs (VDPs), pentest as a service, and AI red teaming.

Hai’s actionable suggestions

This year, HackerOne has accelerated Hai’s evolution, focusing on greater independence, enhanced contextual awareness, and personalised insights. These advancements enable proactive, tailored recommendations that streamline vulnerability management workflows. Already, over half of HackerOne’s customers leverage Hai’s actionable suggestions and insights to boost efficiency and strengthen their security posture.

Crypto.com partners with HackerOne for $2M bounty program

Crypto.com, trusted by more than 100 million customers worldwide and the industry pioneer in regulatory compliance, security and privacy, announced that it has upgraded its existing bug bounty program with HackerOne, providing up to USD $2 million in rewards for the reporting of security vulnerabilities. This is the first time a bug bounty program with HackerOne has reached USD $2 million, and it represents the largest available across all bug bounty programs with HackerOne, in the crypto industry and beyond.

Finding critical security gaps

“Security and compliance are at the foundation of everything we do at Crypto.com,” said Kris Marszalek, CEO of Crypto.com. “As our business and the industry continue to grow, it’s critically important that we remain focused on our core principles, and this new bounty program does that by setting a new bar.”

“When you operate a global app serving more than 100 million customers, finding critical security gaps before bad actors do is essential to system integrity and customer trust,” said Kara Sprague, CEO of HackerOne. “This record-breaking bounty reflects the significant emphasis Crypto.com puts on consumer protection and their appreciation of the value the ethical hacking community can provide.”

Ethical hacking community

“Crypto.com’s responsiveness and dedication to hacker program engagement makes their commitment to the global ethical hacking community second to none,” said Chris Evans, CISO and Chief Hacking Officer of HackerOne. “The top programs on our platform do not just follow our best practices but continuously raise the standard for how all organisations should engage with and reward ethical hackers.”

Enhancing safeguards and consumer protection

“While we have dedicated significant efforts to achieve top-tier security certifications, maintaining security assurance requires continuous focus and improvement,” said Jason Lau, Chief Information Security Officer of Crypto.com. “We have always respected and partnered with the ethical hacking community as an extension of our security team. Deepening our relationship with HackerOne through this milestone and setting this landmark bounty underscores our commitment to enhancing safeguards and consumer protection. We look forward to continuing to productively engage with this community.”

Cloud security and privacy certifications

Crypto.com became the first virtual asset platform to achieve multiple certifications across all platforms, including SOC2 Type 2, PCI DSS 4.0, ISO 27017 and ISO 27019 for cloud security and privacy certifications in 2023, ISO 22301 for Business Continuity Management in 2021, ISO 27701 for Privacy Information Management System in 2020, and ISO 27001 for Information Security Management Systems in 2019, as well as by conforming to the highest tier of the NIST Cybersecurity and Privacy Frameworks, and obtaining region-specific certifications like the Data Protection Trust Mark and Cyber Trust Mark in Singapore.

AI risks in security: Insights from HackerOne survey

HackerOne, the pioneer in human-powered security, revealed data that found 48% of security professionals believe AI is the most significant security risk to their organisation. Ahead of the launch of its annual Hacker-Powered Security Report, HackerOne revealed early findings, which include data from a survey of 500 security professionals.

Review of AI implementations

When it comes to AI, respondents were most concerned with the leaking of training data (35%), unauthorised usage of AI within their organisations (33%), and the hacking of AI models by outsiders (32%).

When asked about handling the challenges that AI safety and security issues present, 68% said that an external and unbiased review of AI implementations is the most effective way to identify AI safety and security issues. AI red teaming offers this type of external review through the global security researcher community, who help to safeguard AI models from risks, biases, malicious exploits, and harmful outputs.

AI security and safety best practices

“While we’re still reaching industry consensus around AI security and safety best practices, there are some clear tactics where organisations have found success,” said Michiel Prins, co-founder at HackerOne. “Anthropic, Adobe, Snap, and other pioneering organisations all trust the global security researcher community to give expert third-party perspective on their AI deployments.”

Impact of AI on cybersecurity

Further research from a HackerOne-sponsored SANS Institute report explored the impact of AI on cybersecurity and found that over half (58%) of respondents predict AI may contribute to an “arms race” between the tactics and techniques used by security teams and cyber criminals.

The research also found optimism around the use of AI for security team productivity, with 71% reporting satisfaction from implementing AI to automate tedious tasks. However, respondents believed AI productivity gains have benefitted adversaries and were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%).

Best applications for AI

“Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations — or risk creating more work for themselves,” said Matt Bromiley, Analyst at The SANS Institute. “Our research suggests AI should be viewed as an enabler, rather than a threat to jobs. Automating routine tasks empowers security teams to focus on more strategic activities.”

Deeper vulnerability insights

HackerOne’s AI-powered co-pilot Hai continues to free up time for security teams by automating tasks and offering deeper vulnerability insights. These benefits drive Hai’s adoption, which has grown 150% since launch and saves security teams an average of five hours of work per week. AI-focused products also continue to drive HackerOne’s business, with AI Red Teaming growing 200% quarter over quarter in Q2 and a 171% increase in security programs adding AI assets into scope.

Survey of security professionals

Test the AI risk readiness with this interactive quiz and read the full SANS AI 2024 Survey and methodology. The full Hacker-Powered Security Report will be released this fall. The survey of security professionals was conducted by Opinion Matters and surveyed 500 security professionals across the US and Europe. The survey was conducted between July 31, 2024, and August 6th, 2024.
