Overview
At HackerOne, we prioritize security and transparency in every aspect of our technology. In developing Hai, the generative AI (GenAI)-powered capabilities within the HackerOne platform, we worked closely with customers, security researchers, and industry experts to ensure Hai meets the highest industry standards for safety, trust, and security.
Hai is built to empower security teams with AI-driven insights while maintaining strict security and transparency standards. Hai enhances workflows, provides context-aware assistance, and ensures responsible GenAI use. Hai only operates within clearly defined boundaries to protect user data, prevent misuse, and maintain trust. Data submitted to Hai is not shared with or accessible by other HackerOne customers, nor is it used to train or fine-tune large language models (LLMs).
GenAI-powered capabilities such as Hai require the use of LLMs. By leveraging LLMs, Hai can rapidly distill high volumes of unstructured information to help users make informed decisions regarding the security of their digital assets. When producing this output, Hai considers various contexts, including proprietary insights, specific use cases, and user access controls. This ensures that any content received by users is contextualized to their specific needs while maintaining the privacy and security of their data and that of all other HackerOne users.
What HackerOne Does and Does Not Do with Hai
❌ Hai does not train, fine-tune, or otherwise improve GenAI or large language models on customer or researcher data.
❌ User conversations are not shared across user accounts. Each conversation is isolated to the requesting user. Hai does not reuse or repurpose conversational data to inform other users’ conversations.
✅ Hai leverages advanced LLM models within our controlled infrastructure. When using Hai, customer and researcher data does not leave our controlled environment for inference, nor is it used to train or fine-tune these models. The LLMs behind Hai are stateless, meaning they do not retain conversation data or learn from prior interactions.
✅ Context Enrichment with Authorization Controls. Hai fetches data through our existing authorization middleware, ensuring secure data access for Retrieval Augmented Generation (RAG) and tool operations. This means that Hai respects the user-level permissions of the user interacting with Hai. If Hai's end user isn’t authorized to access certain data, Hai cannot access that data on behalf of that user either.
✅ Human-in-the-loop oversight. By default, human users control changes; Hai won’t make updates, send messages, or modify data without approval.
✅ The Customer is in control. Hai is enabled by default for all customers. Organization administrators can turn Hai off and manage its availability in the Organization Settings.
✅ Testing coverage through HackerOne’s bug bounty programs. Hai is in scope in HackerOne’s bug bounty program, including authorization boundaries and cross-user or cross-organization data access. Security researchers are encouraged to test and validate Hai’s integrity.
With these guidelines in mind, the following sections describe in detail how Hai upholds security, privacy, and responsible AI use, and outline the measures that protect user data and ensure trust in every interaction.
Data Security and Confidentiality
Hai is built with security and confidentiality at its core. We understand that customer and researcher vulnerability reports are highly sensitive and must remain under their control.
Managing data privacy within trained or fine-tuned models introduces significant complexities. Balancing granular permission sets and preventing unintended data exposure while maintaining strict access controls can introduce complex security risks. Hai takes a different approach to mitigate these risks: Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.
Hai’s GenAI models are stateless, meaning conversation data does not alter the model. All inferences occur entirely within HackerOne's infrastructure, including calling the model to generate a response. This ensures that HackerOne controls how conversational data is securely used and maintained.
Human-in-the-Loop Oversight
Hai’s design defaults to explicit human-in-the-loop oversight.
In practice, users control changes; Hai won’t make updates, send messages, or modify data without approval. If Hai wants to send an email, it will request confirmation. If it suggests a report severity change, it will present a clear, actionable button for the user to approve.
This principle applies to all agentic interfaces, where Hai may go beyond distilling information and, in addition, perform specific actions autonomously. Users are always in control, enabling specific Hai-driven automations themselves. To reinforce this, we provide information-rich audit logs, allowing users to trace Hai’s actions transparently.
Continuous Security
At HackerOne, we embody our security standards. Because all software contains bugs, Hai is included in the scope of our bug bounty program for ongoing security assurance.
As we know from our experience working with customers such as Anthropic and Snap to test their AI systems, the power of the security researcher community to identify even the most elusive vulnerabilities extends to AI systems. That's why we encourage security researchers to look for vulnerabilities in Hai and its underlying authorization middleware. This reinforces our commitment to generative AI security, safety, and trust.
Hai Architecture Overview
Based on the above principles and considerations, this section provides a technical overview of how Hai operates to achieve accuracy and generate insights using foundation models. It describes Hai’s architecture at a high level and then walks through two everyday use cases.
The visualization above shows how Hai generates responses by calling an LLM with enriched context. Hai enriches the user’s input with relevant context to create personalized and actionable responses, adding the critical details needed for the LLM to generate accurate and actionable answers. This context enrichment process relies on two key technologies: RAG (Retrieval-Augmented Generation) and Tool integration (another commonly used name for tool integration is “function calling” or “tool calling”).
RAG combines the user prompt with relevant context retrieved in real-time, making LLM answers more grounded and accurate. Hai uses RAG to analyze the user prompt and dynamically load relevant resources. If the user references specific resources in a recognized format, Hai fetches them via HackerOne’s authorization middleware, ensuring that user‐level permissions are enforced. Hai then incorporates the data retrieved into the context and sends it to the LLM. Additionally, Hai uses vector embeddings to load relevant documents, such as platform documentation and other publicly available HackerOne‐specific information.
Although RAG supplies relevant context from stored documents and predefined resources, sometimes the LLM needs dynamic or more specialized data, like reports filtered by date or status. That’s where tools come in. Think of them as mini endpoints within HackerOne that the LLM can call to query or process data. This mechanism lets the LLM tap into HackerOne’s dataset in real time, going beyond static document retrieval. Within the Hai architecture, all tool calls remain subject to the same authentication, validation, and authorization rules as any other HackerOne feature. This means that the tool calls, even those made by Hai on behalf of a user, return only data that the particular user is authorized to access. Once a tool returns results, the LLM reevaluates the conversation with this new information, ensuring the user receives a complete and accurate response. Tools such as Program Insights and Report Insights are critical for Hai capabilities.
Once the LLM generates a satisfactory response using RAG content and retrieved tool data, it returns the answer to the user in natural language.
Next, we’ll explore two everyday interactions showcasing how these techniques work in practice.
Hai Use Case 1: Summarizing a Vulnerability Report
Customers often use Hai to get a summary of a vulnerability report submitted to their Bug Bounty or Vulnerability Disclosure Program to synthesize or restructure the report in a preferred format. Here's how this request is handled internally:
User Request
The user asks Hai to summarize a specific report, including a report ID (for example, “Summarize #1234 for me, please”).
Contextual Recognition
Hai recognizes the report ID and includes its data as context to generate a relevant summary.
Data Retrieval
Hai fetches the report details on the user’s behalf. All requests go through established authorization boundaries, so Hai only accesses data the user can see.
LLM Processing
Hai sends the user’s question and the retrieved report details to the LLM running within HackerOne’s controlled infrastructure. The LLM generates a concise summary, which Hai forwards to the user.
Clean up
Once the LLM processes the information and generates a summary, it resets to its original state. The interaction isn’t stored in the model—only the summary and a detailed audit log are saved in the HackerOne platform.
Hai Use Case 2: Generating Report Insights
Hai can also help with more complex questions, such as understanding how similar issues were handled in the past. This historical context helps customers stay consistent over time and saves effort by removing the need to manually search through old reports.
This type of request involves a few more steps than a simple summary. Hai guides the LLM through multiple small queries and combines the results to surface trends or past decisions from your data.
Here's how that typically works:
Starting with the Report
As with summarization, Hai begins by pulling up the report based on your request (like, “How did we handle #1234 before?”).
Realizing More Info Is Needed
To give a helpful answer, the LLM figures out it needs more context, such as how your team has handled similar issues in the past. Instead of guessing, Hai uses one of its tools to get that information.
Looking Up Past Reports
Hai uses the “report insights” tool to find relevant historical data. This request is checked to make sure it only returns information the user is allowed to access.
Using That Info to Improve the Answer
The LLM adds the new data to its understanding of the situation and uses it to create a more thoughtful, useful response.
Looping Back if Needed
If the LLM still needs more detail, Hai can ask for more data, either by adjusting the previous request or using a different tool. Access checks are enforced each time to protect data privacy. Hai keeps refining the answer until it’s accurate and useful.
Together, retrieval-augmented generation (RAG) and tool-based querying allow Hai to deliver precise, context-aware responses. Each step remains subject to authentication and authorization checks, ensuring strict adherence to user permissions and preventing any cross-user data exposure.
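The pattern described in the architecture overview and the two use cases, where both RAG lookups and model-requested tool calls are authorized as the end user rather than as the assistant, can be sketched as follows. This is an added example, not HackerOne's code: the report data is constructed, and every name in it (Session, authorize, fetch_report, enrich_prompt, report_insights, call_tool) is hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample data: report id -> (program, title).
REPORTS = {
    1234: ("acme", "Stored XSS in profile bio"),
    1301: ("acme", "Reflected XSS in search"),
    5678: ("globex", "SSRF in webhook tester"),
}

class Forbidden(Exception):
    pass

@dataclass
class Session:
    user: str
    programs: frozenset                      # programs this user may read
    audit: list = field(default_factory=list)

def authorize(session, action, program, target):
    """Single choke point: decisions use the end user's permissions only."""
    allowed = program in session.programs
    session.audit.append((session.user, action, target, allowed))
    if not allowed:
        raise Forbidden(target)

def fetch_report(session, report_id):
    program, title = REPORTS.get(report_id, (None, None))
    authorize(session, "read_report", program, report_id)  # unknown id is denied too
    return {"id": report_id, "program": program, "title": title}

def enrich_prompt(session, prompt):
    """RAG step: resolve '#<id>' references; unauthorized ones add no context."""
    context = []
    for report_id in map(int, re.findall(r"#(\d+)", prompt)):
        try:
            context.append(fetch_report(session, report_id))
        except Forbidden:
            continue
    return context

def report_insights(session, args):
    """Tool step: args are chosen by the model, so they are untrusted input."""
    authorize(session, "report_insights", args["program"], args["program"])
    return [rid for rid, (program, title) in sorted(REPORTS.items())
            if program == args["program"] and args["keyword"].lower() in title.lower()]

TOOLS = {"report_insights": report_insights}

def call_tool(session, name, args):
    """Dispatch a model-requested tool call under the caller's session."""
    try:
        return {"ok": True, "result": TOOLS[name](session, args)}
    except (Forbidden, KeyError):            # denied, unknown tool, or missing arg
        return {"ok": False, "error": "not authorized or malformed call"}
```

Because the model never holds credentials of its own, a prompt that steers it toward another organization's report produces only a denied entry in the session's audit list.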
Frequently Asked Questions (FAQ)
This FAQ provides an overview of Hai’s architecture and details how HackerOne’s GenAI-powered capabilities operate within the platform to provide users with intelligent, security-focused assistance.
What is Hai?
Hai is a built-in feature of the HackerOne platform designed to act as your AI security analyst agent. Powered by advanced pre-trained LLMs (including from Anthropic and Amazon) through AWS Bedrock, it delivers actionable insights and empowers your team to make faster, more informed decisions. Using an architecture that maintains the security and safety of your data, Hai analyzes your vulnerability reports and other publicly accessible data through the pre-trained LLM to provide responses based on that data only. By distilling complex security data and providing immediate and actionable recommendations, Hai streamlines workflows and helps teams respond quickly to emerging threats.
Who can use Hai?
Hai is enabled by default for all HackerOne customers, providing full access to the agent.
Can I turn Hai off for my employees?
Hai is enabled by default for all organizations. Organization administrators can manage its availability in the Organization Settings under the Hai section. If disabled, organization members will no longer have access to Hai.
Important Note: Disabling Hai for your organization does not disable all AI-driven capabilities within HackerOne products and services. Please see further information below.
How does HackerOne use Hai in its Services, and will these Services still use Hai if I disable it for my organization?
Hai is a core component of HackerOne's Services (including HackerOne Triage) and will continue to provide those Services even if you disable Hai for your organization's users.
HackerOne integrates Hai throughout its service offerings as an integral part of its workflow to improve productivity and streamline the triage process. The system analyzes report data to confirm scope alignment, filters potential spam submissions, and evaluates reports against vulnerability criteria and program policies. Security analysts leverage Hai for practical tasks such as automated assessment and scope recommendations while also relying on it for policy compliance checks. Throughout this process, Hai helps reformat reports, generate summaries, and provide remediation advice to enhance the overall quality of vulnerability management.
Can I opt out of specific GenAI capabilities for Hai while keeping others?
Customers have organization-wide control over Hai, allowing admins to enable or disable Hai for the entire organization. Granular controls are not supported for selectively enabling or disabling specific Hai functionalities or for a specific subset of a customer's users.
Does Hai share data with third parties?
No, Hai does not share customer or researcher data with external parties to train, fine-tune, or otherwise improve GenAI or large language models. However, to provide our services and Hai, we need to use customer and researcher data at inference time. Hai leverages pre-trained LLMs (from vendors including AWS and Anthropic), and all calls to the LLM models are handled within HackerOne’s secure environment, which does not store or learn from your conversational data. Your data remains private and is processed in accordance with our privacy and security standards.
Does Hai use my data for GenAI training purposes?
As outlined above, Hai is a GenAI tool, meaning the agent uses your data to provide an answer using the pre-trained LLM. However, Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.
How does Hai keep my data secure?
Hai ensures your data stays in your control and never leaves HackerOne without your consent. HackerOne is ISO 27001, SOC2, and FedRAMP certified and GDPR compliant, and Hai is subject to all of our existing high-level security and compliance protocols, which include:
Role-based access controls (RBAC)
System hardening
Regular patching and maintenance
Robust logging
At least annual AI Red Teaming & Penetration Testing
But don't just take our word for it. We invite you and any third-party researchers to validate our controls by using Hai in our bug bounty program.
Does Hai provide explainable outputs and audit logs?
Hai maintains a record of all interactions through its conversation history feature. Questions and answers are stored on the HackerOne platform, allowing users with appropriate permissions to access historical conversations. This conversation history serves as an audit trail that captures the inputs provided to Hai and the corresponding outputs generated. When generating responses to a user’s prompt, Hai uses only data from the program or programs that the user has permission to access. Hai adds context to help users understand the basis for its responses and ensures traceability for how conclusions are reached.
How is data stored and retained when input into Hai?
Customer and researcher data input into Hai is stored and retained according to HackerOne’s standard data retention policies, privacy policies, and terms. This data is safeguarded through our established security measures. Questions and answers are only stored on the platform to allow users with the proper permissions to access and view historical conversations related to their program.
What controls are in place to limit unintended GenAI outcomes such as toxic outputs, hallucinations, and biases?
HackerOne's large language model providers, Anthropic and Amazon, manage change and release processes to identify, reduce, mitigate, and manage toxic outputs, hallucinations, and biases. The model cards provided by Amazon Titan and Anthropic Claude describe more information on these risks.
How do you train your staff on AI regulatory considerations?
HackerOne provides employees with annual training on evolving AI best practices and regulatory obligations through our yearly privacy training program. Additionally, in compliance with the EU AI Act, we are implementing tailored AI Literacy training requirements for employees.
What is HackerOne's approach to AI risk tolerance and impact measurement?
HackerOne defines reasonable risk tolerances for AI systems informed by laws, regulations, best practices, or industry standards. The organization also establishes policies to define mechanisms for measuring or understanding an AI system's potential impacts, e.g., via regular impact assessments at key stages in the AI lifecycle connected to system impacts and frequency of system updates. However, HackerOne does not require an AI Impact Assessment prior to production release due to the responsible AI principles embedded in its development process and guard rails implemented by default. Hai is enabled by default and is opt-out, with all changes undergoing the same peer review process and automated testing pipelines as other features.
How does HackerOne govern the use of AI tools by Community Members?
Security researchers have quickly built, adapted, and improved the usage of emerging AI-based technologies across the platform. We call these AI-powered hacking tools “Hackbots.”
Our Community Members are creative, innovative, and independent service providers who choose which tools to use when participating in a customer’s program. Given the rise in the use of Hackbots, HackerOne has updated its guidelines for Community Members to reflect this innovation:
All Hackbots must operate within the boundaries of the published vulnerability disclosure policies of the programs they interact with and must comply with HackerOne's Code of Conduct and Disclosure Guidelines.
AI tools are not allowed to operate fully autonomously. Our 'hacker-in-the-loop' model requires human experts to investigate, validate, and confirm all potential vulnerabilities before submitting them to any Vulnerability Disclosure or Bug Bounty Program.
Hackbot operators are fully responsible for their AI tools and must exercise due diligence to ensure compliance with platform rules and program policies.
Human operators using Hackbots qualify for applicable Rewards, just as if vulnerabilities were discovered through traditional means.
To mitigate the risk of misuse if not properly managed, HackerOne encourages human oversight and adherence to established disclosure practices for Hackbots. These recommended principles are designed to foster a culture of responsible behavior. HackerOne is committed to continuously collaborating with the community to refine and advance these responsible practices as AI-accelerated hacking evolves.
What if HackerOne changes its position on training LLMs with confidential customer data?
We understand and respect the significance of the confidential information you entrust to us. We do not currently train LLMs using confidential customer data. However, this is a fast-moving environment. If we ever contemplate doing so, we would only do so with customer permission.
How does HackerOne use AI beyond GenAI?
HackerOne leverages AI technologies beyond GenAI, including Machine Learning (ML) and Automation. For many years, HackerOne has used ML models to analyze data to identify patterns and improve accuracy in tasks like classifying vulnerabilities.