At HackerOne, security and transparency guide every stage of our technology development. Hai, the generative AI (GenAI) system embedded within the HackerOne platform, is built in close collaboration with customers, security researchers, and industry experts to meet the highest standards of safety, trust, and security.

Hai operates as a coordinated team of AI agents that transform findings and complex data into clear, actionable guidance. It accelerates decision-making, strengthens communication with researchers, and adapts to organizational processes and guidelines.

Hai relies on large language models (LLMs) to distill high volumes of unstructured information. To generate outputs, Hai considers proprietary insights, organization-specific context, and user-level permissions. This ensures responses are tailored to each user while protecting all customer and researcher data within the platform.

The following sections provide further details on these commitments. Each area offers deeper insight into how Hai safeguards data, maintains rigorous operational controls, and upholds HackerOne’s security obligations and trust standards.

Hai is designed with strong security and confidentiality protections. Vulnerability reports contain sensitive information, and HackerOne ensures they remain under customer and researcher control.

Managing data privacy within trained or fine-tuned models introduces significant complexities. Balancing granular permission sets and preventing unintended data exposure while maintaining strict access controls can introduce complex security risks. Hai takes a different approach to mitigate these risks: Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.

Hai’s GenAI models are stateless, meaning conversation data does not alter the model. All inferences occur entirely within HackerOne's infrastructure, including calling the model to generate a response. This ensures that HackerOne controls how conversational data is used and maintained securely.

Hai defaults to explicit human-in-the-loop oversight. It requests approval before making updates, sending communications, or adjusting report attributes. Whenever Hai proposes an action—such as sending an email or changing a severity—it provides a clear, actionable prompt for approval.

Agentic features follow the same principle. Each action is logged, and users can review Hai’s behavior through detailed audit trails.

HackerOne subjects Hai to ongoing testing through its bug bounty program. Security researchers evaluate authorization boundaries, cross-tenant protections, and agent behaviors. This complements HackerOne’s internal testing and reinforces the security of Hai’s design.

Based on the above principles and considerations, this section provides a technical overview of how Hai operates to achieve accuracy and generate insights using foundation models.

Hai operates by enriching user prompts with relevant context before calling an LLM. The context enrichment relies on two key capabilities:

Retrieval-Augmented Generation (RAG)

Tooling (Function Calling)

The combination of RAG and tool-based querying enables accurate, context-aware, and permission-aware responses. This same RAG flow applies to autonomous agents operating within the platform.

Autonomous Agents

Customers often use Hai to get a summary of a vulnerability report submitted to their Bug Bounty or Vulnerability Disclosure Program to synthesize or restructure the report in a preferred format. Here's how this request is handled internally:

Hai can also help with more complex questions, such as understanding how similar issues were handled in the past. This historical context helps customers stay consistent over time and saves effort by removing the need to manually search through old reports.

This type of request involves a few more steps than a simple summary. Hai guides the LLM through multiple small queries and combines the results to surface trends or past decisions from your data.

Here's how that typically works:

RAG and tool-based workflows ensure precision and protect authorization boundaries.

Hai is a generative AI system that coordinates multiple specialized AI agents within the HackerOne platform, transforming findings into validated, actionable guidance. Hai operates under strict security and data governance controls. It relies only on data the user is authorized to access and helps accelerate remediation and decision-making.

Hai is enabled by default for all customers and researchers.

Administrators can disable Hai for their organization. Doing so blocks users from accessing Hai Chat, but does not disable AI-driven capabilities used by HackerOne to support its Services.

Yes. Hai is a core part of HackerOne’s services (including Hai Triage) and will continue to support those workflows even if you disable Hai for your users.

HackerOne integrates Hai throughout its service offerings as an integral part of its workflow to improve productivity and streamline triage. The system analyzes report data to confirm scope alignment, filters potential spam submissions, and evaluates reports against vulnerability criteria and program guidelines.

Controls operate at the organization level, allowing admins to enable or disable Hai for the entire organization. Granular controls are not supported for specific features or for a specific subset of users.

No. Hai does not share customer or researcher data with external parties for the purpose of training, fine-tuning, or otherwise improving GenAI or large language models. Customer and researcher data are used only for inference at response generation time.

Hai uses pre-trained LLMs from trusted and vetted providers. When Hai sends data to an LLM for inference, it does so through secure, governed integrations that ensure the model does not store or learn from your conversational data. These providers process the data only to generate the requested output and do not retain it.

As outlined above, Hai is a GenAI tool, meaning the agent uses your data to provide an answer using the pre-trained LLM. However, Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.

Hai ensures that your data remains under your control and is not shared outside HackerOne without your consent. HackerOne is ISO 27001, SOC 2, and FedRAMP certified, and GDPR compliant. Hai adheres to all existing security and compliance protocols applicable across the HackerOne platform. This includes strict authentication and authorization controls, governed integrations with vetted model providers, and safeguards that prevent customer and researcher data from being used to train or fine-tune third-party models. All inference requests are handled in a way that ensures data is processed securely, not retained by model providers, and not exposed across users or organizations.

Hai is subject to all of our existing high-level security and compliance protocols, which include:

But don't just take our word for it. We invite you and any third-party researchers to validate our controls by using Hai in our bug bounty program.

Yes. Hai maintains a record of all interactions through its conversation history feature. Questions and answers are stored on the HackerOne platform, allowing users with appropriate permissions to access historical conversations. This serves as an audit trail, capturing inputs and the corresponding outputs generated.

When generating responses to a user’s prompt, Hai uses only data from the program or programs that the user has permission to access. Hai adds context to help users understand the basis for its responses and ensures traceability for how conclusions are reached.

Data is stored and retained in accordance with HackerOne’s standard data retention policies, privacy policies, and terms. This data is safeguarded through our established security measures. Interactions are only stored on the platform to allow users with the proper permissions to access and view historical conversations related to their program.

Model providers such as Anthropic and Amazon manage change and release processes to identify, reduce, mitigate, and manage toxic outputs, hallucinations, and biases. The model cards provided by Amazon Titan, Anthropic Claude 4, Anthropic Haiku 4.5, and Anthropic Claude 4.5 provide more information on these risks.

HackerOne employees receive training on AI best practices and regulatory obligations through our annual privacy training program. Additionally, in compliance with the EU AI Act, HackerOne meets AI Literacy training requirements for employees.

HackerOne defines reasonable risk tolerances for AI systems, which are informed by laws, regulations, best practices, and industry standards. HackerOne also establishes guidelines to define mechanisms for measuring or understanding an AI system's potential impacts, e.g., via regular impact assessments at key stages in the AI lifecycle connected to system impacts and the frequency of system updates.

Security researchers have quickly built, adapted, and improved the usage of emerging AI-based technologies across the platform. We call these AI-powered hacking tools “hackbots.”

The Report Assistant Agent on-platform AI capability helps community members improve clarity, completeness, and reproducibility when writing vulnerability reports. It works only with content provided by the researcher, does not submit reports autonomously, and preserves the researcher’s full responsibility and ownership of each submission. All outputs remain subject to platform rules, program guidelines, and human-in-the-loop requirements.

HackerOne encourages careful human oversight and adherence to established disclosure practices. These guardrails support responsible innovation while protecting customers, researchers, and the broader ecosystem, and HackerOne continues to collaborate with the community to refine these practices as AI-accelerated hacking evolves.

HackerOne applies the same rigorous security controls regardless of which AI provider processes a request. Every provider interaction flows through our authorization middleware, encryption layer, and audit logging. Your data receives identical protection regardless of which approved provider processes the request. The engine may differ, but the security envelope does not.

HackerOne maintains full transparency about AI providers through our published subprocessors list. Before any new provider can process customer data, they are formally added to this list. Customers subscribed to subprocessor notifications receive a 30-day notice of any additions, giving you visibility and time to review changes. This is the same process we use for all data processors—AI providers receive no special treatment or exemptions.

We understand and respect the significance of the confidential information you entrust to us. We do not currently train LLMs using confidential customer data. However, this is a fast-moving environment. If we ever consider doing so, we would only do so with customer permission.

HackerOne leverages AI technologies beyond GenAI, including machine learning (ML) models and automation tools. These technologies enable systems to automatically learn and identify patterns, and to provide advanced capabilities such as predictive analytics, automation, personalization, and anomaly detection. For many years, HackerOne has used ML models and automation tools to analyze data, identify patterns, and improve accuracy in tasks such as vulnerability classification.