At HackerOne, we prioritize security and transparency in every aspect of our technology. In developing Hai, the generative AI (GenAI)-powered capabilities within the HackerOne platform, we worked closely with customers, security researchers, and industry experts to ensure Hai meets the highest industry standards for safety, trust, and security.

Hai is built to empower security teams with AI-driven insights while maintaining strict security and transparency standards. Hai enhances workflows, provides context-aware assistance, and ensures responsible GenAI use. Hai only operates within clearly defined boundaries to protect user data, prevent misuse, and maintain trust. Data submitted to Hai is not shared with or accessible by other HackerOne customers, nor is it used to train or fine-tune large language models (LLMs).

GenAI-powered capabilities such as Hai require the use of LLMs. By leveraging LLMs, Hai can rapidly distill high volumes of unstructured information to help users make informed decisions regarding the security of their digital assets. When producing this output, Hai considers various contexts, including proprietary insights, specific use cases, and user access controls. This ensures that any content received by users is contextualized to their specific needs while maintaining the privacy and security of their data and that of all other HackerOne users.

❌ Hai does not train, fine-tune, or otherwise improve GenAI or large language models on customer or researcher data.

❌ User conversations are not shared across user accounts. Each conversation is isolated to the requesting user. Hai does not reuse or repurpose conversational data to inform other users’ conversations.

✅ Hai leverages advanced LLM models within our controlled infrastructure. When using Hai, Customer and researcher data does not leave our controlled environment for inference, nor is it used to train or fine-tune these models. The LLMs behind Hai are stateless, meaning they do not retain conversation data or learn from prior interactions.

✅ Context Enrichment with Authorization Controls. Hai fetches data through our existing authorization middleware, ensuring secure data access for Retrieval Augmented Generation (RAG) and tool operations. This means that Hai respects the user-level permissions of the user interacting with Hai. If Hai's end user isn’t authorized to access certain data, Hai cannot access that data on behalf of that user either.

✅ Human-in-the-loop oversight. By default, human users control changes; Hai won’t make updates, send messages, or modify data without approval.

✅The Customer is in control. Hai is enabled by default for all customers. Organization administrators can turn Hai off and manage its availability in the Organization Settings.

✅ Testing coverage through HackerOne’s bug bounty programs. Hai is in scope in HackerOne’s bug bounty program, including authorization boundaries and cross-user or cross-organization data access. Security researchers are encouraged to test and validate Hai’s integrity.

With these guidelines in mind, let’s explore how Hai upholds security, privacy, and responsible AI use. The following sections will explore these areas in detail, outlining the measures to protect user data and ensure trust in every interaction.

Hai is built with security and confidentiality at its core. We understand that customer and researcher vulnerability reports are highly sensitive and must remain under their control.

Managing data privacy within trained or fine-tuned models introduces significant complexities. Balancing granular permission sets and preventing unintended data exposure while maintaining strict access controls can introduce complex security risks. Hai takes a different approach to mitigate these risks: Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.

Hai’s GenAI models are stateless, meaning conversation data does not alter the model. All inferences occur entirely within HackerOne's infrastructure, including calling the model to generate a response. This ensures that HackerOne controls how conversational data is securely used and maintained.

Hai’s design defaults to explicit human-in-the-loop oversight.

In practice, users control changes; Hai won’t make updates, send messages, or modify data without approval. If Hai wants to send an email, it will request confirmation. If it suggests a report severity change, it will present a clear, actionable button for the user to approve.

This principle applies to all agentic interfaces, where Hai may go beyond distilling information and, in addition, perform specific actions autonomously. Users are always in control, enabling specific Hai-driven automations themselves. To reinforce this, we provide information-rich audit logs, allowing users to trace Hai’s actions transparently.

At HackerOne, we embody our security standards. Because all software contains bugs, Hai is included in the scope of our bug bounty program for ongoing security assurance.

As we know from our experience working with customers such as Anthropic and Snap to test their AI systems, the power of the security researcher community to identify even the most elusive vulnerabilities extends to AI systems. That's why we encourage security researchers to look for vulnerabilities in Hai and its underlying authorization middleware. This reinforces our commitment to generative AI security, safety, and trust.

Based on the above principles and considerations, this section provides a technical overview of how Hai operates to achieve accuracy and generate insights using foundation models. We’re describing Hai’s architecture at a high level, followed by two everyday use cases.

The visualization above shows how Hai generates responses by calling an LLM with enriched context. Hai enriches the user’s input with relevant context to create personalized and actionable responses, adding the critical details needed for the LLM to generate accurate and actionable answers. This context enrichment process relies on two key technologies: RAG (Retrieval-Augmented Generation) and Tool integration (another commonly used name for tool integration is “function calling” or “tool calling”).

RAG combines the user prompt with relevant context retrieved in real-time, making LLM answers more grounded and accurate. Hai uses RAG to analyze the user prompt and dynamically load relevant resources. If the user references specific resources in a recognized format, Hai fetches them via HackerOne’s authorization middleware, ensuring that user‐level permissions are enforced. Hai then incorporates the data retrieved into the context and sends it to the LLM. Additionally, Hai uses vector embeddings to load relevant documents, such as platform documentation and other publicly available HackerOne‐specific information.

Although RAG supplies relevant context from stored documents and predefined resources, sometimes the LLM needs dynamic or more specialized data, like reports filtered by date or status. That’s where tools come in. Think of them as mini endpoints within HackerOne that the LLM can call to query or process data. This mechanism lets the LLM tap into HackerOne’s dataset in real time, going beyond static document retrieval. Within the Hai architecture, all tool calls remain subject to the same authentication, validation, and authorization rules as any other HackerOne feature. This means that the tool calls, even those made by Hai on behalf of a user, return only data that the particular user is authorized to access. Once a tool returns results, the LLM reevaluates the conversation with this new information, ensuring the user receives a complete and accurate response. Tools such as Program Insights and Report Insights are critical for Hai capabilities.

Once the LLM generates a satisfactory response using RAG content and retrieved tool data, it returns the answer to the user in natural language.

Next, we’ll explore two everyday interactions showcasing how these techniques work in practice.

Customers often use Hai to get a summary of a vulnerability report submitted to their Bug Bounty or Vulnerability Disclosure Program to synthesize or restructure the report in a preferred format. Here's how this request is handled internally:

Hai can also help with more complex questions, such as understanding how similar issues were handled in the past. This historical context helps customers stay consistent over time and saves effort by removing the need to manually search through old reports.

This type of request involves a few more steps than a simple summary. Hai guides the LLM through multiple small queries and combines the results to surface trends or past decisions from your data.

Here's how that typically works:

Together, retrieval-augmented generation (RAG) and tool-based querying allow Hai to deliver precise, context-aware responses. Each step remains subject to authentication and authorization checks, ensuring strict adherence to user permissions and preventing any cross-user data exposure.

This FAQ provides an overview of Hai’s architecture and details how HackerOne’s (GenAI)-powered capabilities operate within the platform to provide users with intelligent, security-focused assistance.

Hai is a built-in feature of the HackerOne platform designed to act as your AI security analyst agent. Powered by advanced pre-trained LLMs (including from Anthropic and Amazon) through AWS Bedrock, it delivers actionable insights and empowers your team to make faster, more informed decisions. Using an architecture that maintains the security and safety of your data, Hai analyzes your vulnerability reports and other publicly accessible data through the pre-trained LLM to provide responses based on that data only. By distilling complex security data and providing immediate and actionable recommendations, Hai streamlines workflows and helps teams respond quickly to emerging threats.

Hai is enabled by default for all HackerOne customers, providing full access to the agent.

Hai is enabled by default for all organizations. Organization administrators can manage its availability in the Organization Settings under the Hai section. If disabled, organization members will no longer have access to Hai.

Important Note: Disabling Hai for your organization does not disable all AI-driven capabilities within HackerOne products and services. Please see further information below.

Hai is a core component of HackerOne's Services (including HackerOne Triage) and will continue to provide those Services even if you disable Hai for your organization's users.

HackerOne integrates Hai throughout its service offerings as an integral part of its workflow to improve productivity and streamline the triage process. The system analyzes report data to confirm scope alignment, filters potential spam submissions, and evaluates reports against vulnerability criteria and program policies. Security analysts leverage Hai for practical tasks such as automated assessment and scope recommendations while also relying on it for policy compliance checks. Throughout this process, Hai helps reformat reports, generate summaries, and provide remediation advice to enhance the overall quality of vulnerability management.

Customers have organization-wide control over Hai, allowing admins to enable or disable Hai for the entire organization. Granular controls are not supported for selectively enabling or disabling specific Hai functionalities or for a specific subset of a customer's users.

No, Hai does not share customer or researcher data with external parties to train, fine-tune, or otherwise improve GenAI or large language models. However, to provide our services and Hai, we need to use customer and researcher data at inference time. Hai leverages pre-trained LLMs (from vendors including AWS and Anthropic), and all calls to the LLM models are handled within HackerOne’s secure environment, which does not store or learn from your conversational data. Your data remains private and is processed in accordance with our privacy and security standards.

As outlined above, Hai is a GenAI tool, meaning the agent uses your data to provide an answer using the pre-trained LLM. However, Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.

Hai ensures your data stays in your control and never leaves HackerOne without your consent. HackerOne is ISO 27001, SOC2, and FedRAMP certified and GDPR compliant, and Hai is subject to all of our existing high-level security and compliance protocols, which include:

But don't just take our word for it. We invite you and any third-party researchers to validate our controls by using Hai in our bug bounty program.

Hai maintains a record of all interactions through its conversation history feature. Questions and answers are stored on the HackerOne platform, allowing users with appropriate permissions to access historical conversations. This conversation history serves as an audit trail that captures the inputs provided to Hai and the corresponding outputs generated. When generating responses to a user’s prompt, Hai uses only data from the program or programs that the user has permission to access. Hai adds context to help users understand the basis for its responses and ensures traceability for how conclusions are reached.

Customer and researcher data input into Hai is stored and retained according to HackerOne’s standard data retention policies, privacy policies, and terms. This data is safeguarded through our established security measures. Questions and answers are only stored on the platform to allow users with the proper permissions to access and view historical conversations related to their program.

HackerOne's large language model providers, Anthropic and Amazon, manage change and release processes to identify, reduce, mitigate, and manage toxic outputs, hallucinations, and biases. The model cards provided by Amazon Titan and Anthropic Claude describe more information on these risks.

HackerOne provides employees with annual training on evolving AI best practices and regulatory obligations through our yearly privacy training program. Additionally, in compliance with the EU AI Act, we are implementing tailored AI Literacy training requirements for employees.

HackerOne defines reasonable risk tolerances for AI systems informed by laws, regulations, best practices, or industry standards. The organization also establishes policies to define mechanisms for measuring or understanding an AI system's potential impacts, e.g., via regular impact assessments at key stages in the AI lifecycle connected to system impacts and frequency of system updates. However, HackerOne does not require an AI Impact Assessment prior to production release due to the responsible AI principles embedded in its development process and guard rails implemented by default. Hai is enabled by default and is opt-out, with all changes undergoing the same peer review process and automated testing pipelines as other features.

Security researchers have quickly built, adapted, and improved the usage of emerging AI-based technologies across the platform. We call these AI-powered hacking tools “Hackbots.”

Our Community Members are creative, innovative, and independent service providers who choose which tools to use when participating in a customer’s program. Given the rise in the use of Hackbots, HackerOne has updated its guidelines for Community Members to reflect this innovation:

To mitigate the risk of misuse if not properly managed, HackerOne encourages human oversight and adherence to established disclosure practices for Hackbots. These recommended principles are designed to foster a culture of responsible behavior. HackerOne is committed to continuously collaborating with the community to refine and advance these responsible practices as AI-accelerated hacking evolves.

We understand and respect the significance of the confidential information you entrust to us. We do not currently train LLMs using confidential customer data. However, this is a fast-moving environment. If we ever contemplate doing so, we would only do so with customer permission.

HackerOne leverages AI technologies beyond GenAI, including Machine Learning (ML) and Automation. For many years, HackerOne has used ML models to analyze data to identify patterns and improve accuracy in tasks like classifying vulnerabilities.