HackerOne AI enhances security with Hai and Code

16 Oct 2025

HackerOne has unveiled advancements in its security offerings with the transition of its AI platform, Hai, from a mere copilot to an agentic AI system. Additionally, the company has launched its AI-driven code security tool, HackerOne Code, for general use. These innovations aim to enhance continuous exposure management by enabling enterprises to identify, prioritise, and address vulnerabilities more efficiently.

Hai, composed of a team of AI agents, undertakes ongoing analysis and contextualisation of security findings to assist organisations in swiftly prioritising and mitigating risks. Evidence from more than 500,000 validated vulnerabilities informs this process, with 70% of users noting significant time savings, including up to 40+ hours a month.

Speeding Up Risk Mitigation

Current agents within Hai are revolutionising security workflows. The Priority Escalation Agent quickly identifies critical risks, while the Deduplication Agent minimises redundant findings. The Report Assistant Agent ensures cohesive reporting, and the Insight Agent provides historical context for faster validation.

Connor Knabe, Application Security Architect at Veterans United Home Loans, commented, “Hai cut our validation time from 20 minutes to just 5. By replacing manual steps with clear context, we validate faster, clarify impact, and stay aligned.”

Innovations in Code Security

In a step towards its future developments, HackerOne is previewing Agentic Pentest as a Service (PtaaS)

With the general availability of HackerOne Code, the firm addresses the need to detect and resolve vulnerabilities before software deployment. Designed for the AI age, HackerOne Code acts like a developer and thinks like a security researcher, enhancing vulnerability discovery through AI and human oversight.

In a step towards its future developments, HackerOne is previewing Agentic Pentest as a Service (PtaaS). This service continuously assesses exploitability at scale, integrating AI capability while retaining the essential touch of human insight. Such advancements push exposure management into the realm of adversarial validation, offering concrete proofs of exploitability and equipping organisations to prioritise and remediate threats confidently.

Advancements in AI-Driven Security

Nidhi Aggarwal, Chief Product Officer at HackerOne, stated, “Hai has been central to our vision for AI-powered offensive security, and today marks the next stage in its evolution. Powered by insights drawn from over a decade of offensive security expertise, Hai’s new agents and the introduction of Agentic PtaaS extends its capabilities from validation to proof of exploitability, helping organisations continuously reduce exposure and accelerate remediation at scale. In the AI era, secure development must be built in, not bolted on. HackerOne Code empowers developers with validated, trusted code fixes directly within their workflows, enabling them to innovate faster without increasing risk.”

Show full press release

HackerOne, a pioneer in offensive security solutions, announces the evolution of HackerOne AI, Hai, from a copilot into an agentic AI system, and the general availability of its AI-native code security product, HackerOne Code. Together, they set a new standard in continuous exposure management by accelerating how enterprises find, prioritise, and remediate vulnerabilities.

Hai is HackerOne’s coordinated team of AI agents that continuously analyses and contextualises findings to help organisations prioritise, validate, and remediate risks faster, guided by insights from over 500,000 validated vulnerabilities. 70% of users cite time savings as the biggest impact, with users saving up to 40+ hours every month, a full work week.

Remediating risks faster

Hai’s current agents are reshaping workflows:

Priority Escalation Agent uncovers critical risks without delay
Deduplication Agent eliminates duplicates and reduces noise
Report Assistant Agent ensures complete, consistent reports
Insight Agent surfaces historical context to accelerate validation

“Hai cut our validation time from 20 minutes to just 5," said Connor Knabe, Application Security Architect, Veterans United Home Loans. "By replacing manual steps with clear context, we validate faster, clarify impact, and stay aligned.”

Code security solution

To solve the challenge of discovering and eliminating vulnerabilities before applications are deployed, HackerOne Code is now generally available. Built for the AI development era, HackerOne Code is a code security solution that works like a developer and thinks like a security researcher—scaling vulnerability discovery with AI and human oversight.

HackerOne is also previewing the next milestone in its agentic roadmap: Agentic Pentest as a Service (PtaaS). Taking validation a step further, Agentic PtaaS continuously proves exploitability at AI-driven scale while keeping human ingenuity at the core. This breakthrough extends exposure management into adversarial validation, delivering real proof of exploitation so organisations can prioritise and remediate with greater confidence.

AI-powered offensive security

“Hai has been central to our vision for AI-powered offensive security, and today marks the next stage in its evolution,” said Nidhi Aggarwal, Chief Product Officer at HackerOne.

“Powered by the insights drawn from over a decade of offensive security expertise, Hai’s new agents and the introduction of Agentic PtaaS extends its capabilities from validation to proof of exploitability, helping organisations continuously reduce exposure and accelerate remediation at scale. In the AI era, secure development must be built in, not bolted on. HackerOne Code empowers developers with validated, trusted code fixes directly within their workflows, enabling them to innovate faster without increasing risk.”

Download PDF version Download PDF version

Add as a preferred source on Google