
Hai Security & Trust

All Audiences: Data security and confidentiality with Hai

Updated over a week ago

Overview

At HackerOne, security and transparency guide every stage of our technology development. Hai, the generative AI (GenAI) system that powers AI capabilities across the HackerOne platform, is built in close collaboration with customers, security researchers, and industry experts to meet the highest standards of safety, trust, and security.

Hai operates as a coordinated team of AI agents that assist with platform workflows by transforming findings and complex data into clear, actionable guidance, analyzing source code for security risks and remediation strategies, and conducting dynamic security testing of customer assets.

Hai relies on large language models (LLMs) to distill high volumes of unstructured information. To generate outputs, Hai considers proprietary insights, organization-specific context, and user-level permissions. Whether operating on platform data, customer source code or other connected context sources, or live application environments, Hai applies consistent security and data governance controls to ensure responses are tailored to each user while protecting all customer and researcher data within the platform.

Hai Data Governance Principles

  • Hai does not train, fine-tune, or otherwise improve GenAI or large language models on customer or researcher data.

  • Authorization rules govern all RAG, tool use, and agent operations.

  • User conversations remain isolated and are not shared across accounts.

  • All inference occurs within HackerOne's secure environment using subprocessors approved for AI processing activities. Each LLM supporting Hai operates statelessly with zero data retention.

  • Human approval is required before Hai performs consequential actions (e.g., paying a bounty or remediating a vulnerability).

  • Hai is fully in scope for HackerOne’s bug bounty program, including authorization boundaries and cross-user or cross-organization data access. Security researchers are encouraged to test and validate Hai’s integrity.

The following sections provide further details on these commitments. Each area offers deeper insight into how Hai safeguards data, maintains rigorous operational controls, and upholds HackerOne’s security obligations and trust standards.

Data Security and Confidentiality

Hai is designed with strong security and confidentiality protections. Vulnerability reports, source code repositories, and other connected/integrated context sources contain sensitive information, and HackerOne ensures they remain under user control.

Managing data privacy within pre-trained models introduces significant complexity: enforcing granular permission sets and strict access controls while preventing unintended data exposure is difficult and can itself introduce security risks. HackerOne takes a different approach to mitigate these risks: we do not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.

Hai’s GenAI models are stateless, meaning interaction data does not alter the model. Each LLM supporting Hai operates statelessly, with zero data retention. All inferences occur entirely within HackerOne's infrastructure, including calling the model to generate a response. This ensures that HackerOne controls how conversational data is used and maintained securely.

Human-in-the-Loop Oversight

Hai defaults to explicit human-in-the-loop oversight. For interactive platform features, approval is required before performing consequential actions (e.g., paying a bounty, remediating a vulnerability). Whenever Hai proposes an action, it provides a clear, actionable recommendation for approval, along with detailed audit logs showing how Hai arrived at its conclusion.

Agentic features follow the same principle. Where agents operate autonomously — such as during vulnerability validation, security testing, or code analysis — customers define the authorized scope, targets, and operational guardrails before agents begin. Agents operate strictly within these boundaries, and customers can halt active testing or disable customer-facing agent workflows at any time. Each action is logged, and users can review Hai’s behavior through detailed audit trails.

Continuous Security

HackerOne subjects Hai to ongoing testing through its bug bounty program. Security researchers evaluate authorization boundaries, cross-tenant protections, and agent behaviors. This complements HackerOne’s internal testing and reinforces the security of Hai’s design.

Hai Architecture Overview

Based on the above principles and considerations, this section provides a technical overview of how Hai operates to achieve accuracy and generate insights using foundation models. Hai's architecture supports multiple modes of operation — from interactive platform assistance and chat to agentic vulnerability validation to autonomous security testing and code analysis — each governed by the same core security principles.

Hai operates by enriching user prompts with relevant context before calling an LLM. The context enrichment relies on two key capabilities:

Retrieval-Augmented Generation (RAG)

  • Hai retrieves relevant data through the HackerOne authorization middleware.

  • Retrieved content is incorporated into the context passed to the LLM.

  • Vector embeddings help surface relevant platform documentation and publicly available HackerOne materials when needed.

Tooling (Function Calling)

  • When prompts require dynamic or structured data (e.g., filtering reports by date or status), Hai uses tools within the platform.

  • Tool calls follow the same authentication, validation, and authorization rules as any other feature.

  • Tool outputs are fed back into the LLM to refine and complete the user’s answer.

The combination of RAG and tool-based querying enables accurate, context-aware, and permission-aware responses.

Autonomous Agents

  • Platform agents respond to platform events (e.g., new reports). They run as designated users, retrieve only authorized data, and produce outputs visible to users cleared to view the resource that triggered the workflow (e.g., the new report).

  • Dynamic security testing agents execute multi-step security testing workflows against customer-authorized application endpoints. These agents operate from a controlled environment that enforces scope boundaries, and their traffic is identifiable. All testing activity is logged and auditable.

  • Code analysis agents perform static analysis and vulnerability detection against customer source code repositories. Code is ingested and analyzed entirely within HackerOne's infrastructure. Agents access repositories through secure integrations with source code management (SCM) providers, governed by permissions the customer defines during setup, and operate only on repositories the customer has explicitly authorized.

Hai Use Case 1: Summarizing a Vulnerability Report

Customers often use Hai to summarize a vulnerability report submitted to their Bug Bounty or Vulnerability Disclosure Program, or to synthesize or restructure the report in a preferred format. Here's how this request is handled internally:

  1. User Request
    The user asks Hai to summarize a specific report, including a report ID (for example, “Summarize #1234 for me, please.”)

  2. Contextual Recognition
    Hai recognizes the report ID and includes its data as context to generate a relevant summary.

  3. Data Retrieval
    Hai fetches the report details on the user’s behalf. All requests go through established authorization boundaries, so Hai only accesses data the user can see.

  4. LLM Processing
    Hai sends the user’s question and any retrieved context to an approved LLM provider through a secure and controlled integration. The model generates a concise summary, and Hai returns the result to the user.

  5. Clean up
    Once the LLM processes the information and generates a summary, it resets to its original state. The interaction isn’t stored in the model—only the summary and a detailed audit log are saved in the HackerOne platform.
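The following is an added example, not HackerOne's code, that models the permission-aware RAG and tool-call pipeline from the Architecture Overview and the report-summary flow of Use Case 1 in a few dozen lines: every retrieval and tool call passes through one authorization function, a denied fetch never reaches the model, and each decision lands in an audit log. The users, programs, reports and the stub LLM are all constructed for illustration.

```python
"""Added example, not HackerOne's code: a toy model of the permission-aware RAG and
tool-call pipeline described above. Users, programs and reports are constructed."""
from dataclasses import dataclass, field
import re

# Constructed platform data: each report belongs to a program; each user may read
# the programs of their own organization only.
REPORTS = {
    1234: {"program": "acme", "title": "IDOR in /api/invoices", "status": "triaged"},
    1235: {"program": "acme", "title": "Reflected XSS in search", "status": "new"},
    2001: {"program": "globex", "title": "SSRF via webhook URL", "status": "new"},
}
USER_PROGRAMS = {"alice@acme": {"acme"}, "bob@globex": {"globex"}}

class AuthorizationError(Exception):
    pass

@dataclass
class Context:
    user: str
    retrieved: list = field(default_factory=list)   # what will be handed to the LLM
    audit: list = field(default_factory=list)       # every decision, for the audit log

def authorize_report(ctx, report_id):
    """Authorization middleware: every RAG fetch and tool call passes through here."""
    report = REPORTS.get(report_id)
    allowed = report is not None and report["program"] in USER_PROGRAMS.get(ctx.user, set())
    ctx.audit.append({"user": ctx.user, "action": "read_report", "report": report_id,
                      "decision": "allow" if allowed else "deny"})
    if not allowed:
        # Deny and not-found look the same to the caller, so the existence of another
        # organization's report is not leaked through the error.
        raise AuthorizationError(f"report #{report_id} is not accessible to {ctx.user}")
    return report

def recognize_report_ids(prompt):
    """Contextual recognition (Use Case 1, step 2): find '#1234'-style references."""
    return [int(m) for m in re.findall(r"#(\d+)", prompt)]

def tool_filter_reports(ctx, status):
    """Function-calling tool: filters by status, but only over the user's programs."""
    allowed = USER_PROGRAMS.get(ctx.user, set())
    hits = [rid for rid, r in REPORTS.items()
            if r["program"] in allowed and r["status"] == status]
    ctx.audit.append({"user": ctx.user, "action": "tool:filter_reports",
                      "status": status, "result": hits})
    return hits

def stub_llm(prompt, context):
    """Stand-in for the stateless model call; it only sees the retrieved context."""
    titles = [c["title"] for c in context if "title" in c]
    return "Summary: " + "; ".join(titles) if titles else "No report context available."

def handle_prompt(user, prompt, llm=stub_llm):
    """Enrich the prompt with authorized context, call the model, return (answer, audit)."""
    ctx = Context(user)
    try:
        for rid in recognize_report_ids(prompt):
            ctx.retrieved.append(authorize_report(ctx, rid))
    except AuthorizationError:
        # A denied retrieval never reaches the model; the user gets a generic refusal.
        return "That report is not available to you.", ctx.audit
    if "new reports" in prompt.lower():
        hits = tool_filter_reports(ctx, "new")
        ctx.retrieved.extend(REPORTS[rid] for rid in hits)
    answer = llm(prompt, ctx.retrieved)
    ctx.audit.append({"user": user, "action": "llm_call", "context_items": len(ctx.retrieved)})
    return answer, ctx.audit
```

The cross-organization case is the one worth watching: a user from globex asking for #1234 gets a refusal and a single "deny" audit entry, and the model is never called.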

Hai Use Case 2: Agentic Vulnerability Validation

Hai can also help orchestrate the process of determining whether a new report received in one of your programs represents a valid, non-duplicated, and in-scope vulnerability that must be remediated.

This type of request involves a few more steps than a simple summary. Hai orchestrates a multi-agent workflow and combines the results into a unified recommendation for human review.

Here's how that typically works:

When a new report is submitted

Based on the issue type, Hai will map a set of steps in the automated workflow, then kick off specialized agents to execute them. For example:

  1. Duplicate detection
    Hai coordinates a specialized duplicate detection agent with a single objective: to determine whether the report is a known issue (e.g., it has been submitted before). The agent respects permission boundaries and can only detect duplicates among programs and inboxes for which it has been granted permission.

  2. Scope assessment
    Hai coordinates a specialized agent with a single objective: to determine whether the asset on which the vulnerability was found is in scope. The agent uses its access to the program's scope and guidelines table to make a determination.

  3. Final verdict
    Hai combines the results from the specialized agents into one verdict as its recommendation.

  4. Human in the loop review
    Before any changes to the report are made, the verdict is provided as one unified recommendation for human review. Accepting the recommendation will enact changes, such as report status updates or metadata updates. Rejecting the recommendation helps improve Hai’s accuracy over time. For customers who leverage HackerOne’s Triage services, the HackerOne Triage Analyst performs the human review step.
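As an added example that is not HackerOne's code, the four steps above can be modelled end to end: a duplicate-detection agent that searches only the programs it has been granted, a scope agent that reads a scope table, a combining step that yields a recommendation, and a review step that changes nothing until a human accepts. The reports, scope table, status labels and the title-matching heuristic are all constructed for illustration.

```python
"""Added example, not HackerOne's code: a toy version of the agentic validation workflow
in Use Case 2. Reports, the scope table and the matching heuristic are all constructed."""
from dataclasses import dataclass, replace
import re

@dataclass(frozen=True)
class Report:
    id: int
    program: str
    asset: str            # host on which the vulnerability was found
    title: str
    status: str = "new"

# Constructed sample state.
KNOWN_REPORTS = [
    Report(1001, "acme", "api.acme.example", "IDOR in /api/invoices", "triaged"),
    Report(1002, "acme", "www.acme.example", "Reflected XSS in search", "resolved"),
    Report(3001, "globex", "api.globex.example", "IDOR in /api/invoices", "triaged"),
]
# Program scope table: asset -> eligible for submission (False = explicitly out of scope).
SCOPE = {"acme": {"api.acme.example": True, "www.acme.example": True,
                  "legacy.acme.example": False}}
# Programs whose inboxes the duplicate-detection agent has been granted permission to search.
AGENT_PROGRAMS = {"acme"}

def _tokens(title):
    return set(re.findall(r"[a-z0-9/]+", title.lower()))

def duplicate_agent(report, known, permitted=AGENT_PROGRAMS):
    """Single objective: is this a known issue? Only permitted programs are searched."""
    if report.program not in permitted:
        return {"duplicate_of": None, "reason": "program not permitted"}
    for k in known:
        if (k.program in permitted and k.id != report.id and k.asset == report.asset
                and _tokens(k.title) == _tokens(report.title)):
            return {"duplicate_of": k.id, "reason": f"same asset and title as #{k.id}"}
    return {"duplicate_of": None, "reason": "no match in permitted programs"}

def scope_agent(report, scope=SCOPE):
    """Single objective: is the asset in scope according to the program's scope table?"""
    eligible = scope.get(report.program, {}).get(report.asset)
    if eligible is None:
        return {"in_scope": False, "reason": "asset not listed in program scope"}
    return {"in_scope": eligible,
            "reason": "listed as in scope" if eligible else "listed as out of scope"}

def verdict(report, known=KNOWN_REPORTS):
    """Combine the agents' results into one recommendation; nothing is applied yet."""
    dup, scope = duplicate_agent(report, known), scope_agent(report)
    if dup["duplicate_of"] is not None:
        rec, basis = "Duplicate", f"#{dup['duplicate_of']}"   # constructed status labels
    elif not scope["in_scope"]:
        rec, basis = "Not Applicable", scope["reason"]
    else:
        rec, basis = "Triaged", "new, unique and in scope"
    return {"report": report.id, "recommendation": rec, "basis": basis,
            "agents": {"duplicate": dup, "scope": scope}, "applied": False}

def human_review(v, report, accept):
    """Human in the loop: the report changes only when a reviewer accepts the verdict."""
    if not accept:
        return report, {**v, "applied": False, "review": "rejected"}
    return (replace(report, status=v["recommendation"].lower()),
            {**v, "applied": True, "review": "accepted"})
```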

Hai Use Case 3: Agentic Security Testing of a Web Application

Customers can authorize Hai's security testing agents to conduct agentic vulnerability assessments against their applications.

Here's how a typical engagement works:

  1. Scope Definition: The customer defines authorized targets and testing boundaries through the HackerOne platform.

  2. Agent Orchestration: Hai deploys specialized security testing agents that plan and execute testing workflows against the authorized targets.

  3. LLM-Guided Analysis: As agents interact with the application, findings are passed to an LLM through HackerOne's secure infrastructure to assess severity and risk relevance and to determine next testing steps. The model does not retain any application data.

  4. Traffic Identification: All agent traffic is identifiable, allowing customers to distinguish HackerOne testing activity in their own logs and monitoring systems.

  5. Results and Audit Trail: Validated findings are delivered through the HackerOne platform with full reproduction steps. A complete audit log of all agent actions, requests, and decisions is available for customer review.
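Step 4 says agent traffic is identifiable but the page does not specify the marker, so the following added example (not HackerOne's code) assumes a HYPOTHETICAL User-Agent token and a HYPOTHETICAL source network, both placeholders. It shows the customer-side check a practitioner would want: separate identified testing traffic from everything else in the access log, and alert when marked traffic hits a host outside the scope defined in step 1 or arrives from an unexpected origin.

```python
"""Added example, not HackerOne's code: customer-side log triage for Use Case 3.
The identification marker and source network below are HYPOTHETICAL placeholders;
the page does not document how agent traffic is marked. All log lines are constructed."""
import ipaddress
import re

HYPOTHETICAL_UA_TOKEN = "HackerOne-Hai-Agent"                      # assumption, not documented
HYPOTHETICAL_SOURCE_NET = ipaddress.ip_network("203.0.113.0/24")   # RFC 5737 placeholder range
AUTHORIZED_SCOPE = {"app.example.com", "api.example.com"}          # what the customer defined

# Combined log format with the request Host appended as a final field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<host>\S+)$')

# Constructed sample lines: two in-scope test requests, one test request to an
# out-of-scope host, one marker from the wrong network, one unrelated scanner.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2026:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 HackerOne-Hai-Agent/1.0" app.example.com
203.0.113.10 - - [10/Mar/2026:10:00:02 +0000] "POST /api/v1/orders HTTP/1.1" 403 87 "-" "Mozilla/5.0 HackerOne-Hai-Agent/1.0" api.example.com
203.0.113.10 - - [10/Mar/2026:10:00:03 +0000] "GET /admin HTTP/1.1" 404 0 "-" "Mozilla/5.0 HackerOne-Hai-Agent/1.0" staging.example.com
198.51.100.7 - - [10/Mar/2026:10:00:04 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 HackerOne-Hai-Agent/1.0" app.example.com
192.0.2.55 - - [10/Mar/2026:10:00:05 +0000] "GET /.env HTTP/1.1" 404 0 "-" "curl/8.4.0" app.example.com
"""

def classify(line):
    """Parse one access-log line and label it; returns None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    ua_match = HYPOTHETICAL_UA_TOKEN in e["ua"]
    ip_match = ipaddress.ip_address(e["ip"]) in HYPOTHETICAL_SOURCE_NET
    if ua_match and ip_match:
        # Identified testing traffic; still verify it stayed inside the defined scope.
        e["class"] = "authorized_test" if e["host"] in AUTHORIZED_SCOPE else "test_out_of_scope"
    elif ua_match:
        # Marker present but wrong origin: do not treat it as sanctioned testing.
        e["class"] = "spoofed_marker"
    else:
        e["class"] = "other"
    return e

def triage(log_text):
    """Return per-class counts and the entries that deserve a human look."""
    counts, alerts = {}, []
    for line in log_text.splitlines():
        e = classify(line)
        if e is None:
            continue
        counts[e["class"]] = counts.get(e["class"], 0) + 1
        if e["class"] in ("test_out_of_scope", "spoofed_marker"):
            alerts.append((e["class"], e["ip"], e["host"], e["path"]))
    return counts, alerts
```

Requiring both the marker and the expected origin before trusting a request as sanctioned testing is the point of the two-condition check; a User-Agent string alone is trivially set by anyone.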

Hai Use Case 4: Source Code Vulnerability Analysis

Customers can connect their source code repositories to Hai's code analysis agents for automated vulnerability detection. Here's how a typical scan works:

  1. Repository Connection: The customer connects their source code management provider (e.g., GitHub, GitLab) through a secure integration and selects which repositories to authorize for analysis.

  2. Code Ingestion: Hai ingests the authorized repository content entirely within HackerOne's infrastructure. Source code is not transmitted to any third party.

  3. Agent Analysis: Specialized agents perform static analysis, dependency scanning, and vulnerability detection. When deeper investigation is needed — such as determining whether a vulnerable dependency is actually reachable in the codebase — agents use LLM-guided reasoning to trace code paths and assess exploitability.

  4. LLM Processing: All LLM inference occurs within HackerOne's secure environment. The model analyzes code context to validate findings and reduce noise, but does not store or train on any customer code.

  5. Findings Delivery: Results are surfaced through the HackerOne Platform with assessment of relevance, severity, and remediation guidance. Customers retain full control over which repositories are analyzed and can revoke access at any time.

Frequently Asked Questions (FAQ)

What is Hai?

Hai is a generative AI system that coordinates multiple specialized AI agents within the HackerOne platform, transforming findings into validated, actionable guidance. Hai operates under strict security and data governance controls. It relies only on data the user is authorized to access and helps accelerate remediation and decision-making.

Who can use Hai?

Hai’s availability and specific feature sets vary based on your selected subscription package. Customers can unlock specialized capabilities, including agentic testing, code analysis, and automated validation workflows, depending on their licensing tier.

Can I disable Hai?

Administrators can disable Hai for their organization. Doing so blocks users from accessing customer-facing Hai capabilities, such as Hai Chat or Agentic Validation, but does not disable AI-driven capabilities used by HackerOne to support its Services, such as Triage.

Does HackerOne still use Hai for its Services if I disable it?

Yes. Hai is a core part of HackerOne’s services (including Hai Triage) and will continue to support those workflows even if you disable Hai for your users.

HackerOne integrates Hai across its service offerings as an integral part of its workflow to improve productivity and streamline triage. The system analyzes report data to confirm scope alignment, filters potential spam submissions, and evaluates reports against vulnerability criteria and program guidelines.

Can I enable or disable specific Hai features?

Yes. Admins can manage the core Hai experience at the organization level while using granular controls to manage advanced agentic capabilities.

Does Hai share data with third-party providers?

Hai uses pre-trained LLMs from private, trusted providers (see subprocessors approved for AI processing activities here). When Hai sends data to an LLM for inference, it does so through secure, governed integrations. These providers process the data only to generate the requested output and do not retain it. Technical and contractual guardrails prevent our approved model providers from using input or output data for their own model improvements or training.

Does Hai use my data for GenAI training purposes?

As outlined above, Hai is a GenAI tool, meaning the agent uses your data to provide an answer using the pre-trained LLM. However, Hai does not train, fine-tune, or otherwise improve GenAI or large language models with customer or researcher data.

What kind of data do you process with Hai?

AI agents perform best with sufficient context. We use a progressive context model, where agents start with minimal context and gain access to additional context as needed and as authorized.

The system is modular, allowing agents to operate with limited input and expand context during task execution. The LLMs do not retain any data after the task is completed. All access is handled just-in-time (JIT) and can be audited through agent logs and traces.

The categories of data processed by AI include:

  • Vulnerability reports and metadata

  • Live application behavior (e.g., when performing reconnaissance or attempting exploits)

  • Context from connectors when granted (e.g., APIs, webhooks, or platform integrations), such as

    • Source code

    • Technical product or architectural documentation

    • Past incidents or issue tracker tickets

    • Infrastructure or cloud configuration data

    • Organizational hierarchy

How does Hai keep my data secure?

Hai ensures that your data remains under your control and is not shared outside HackerOne without your consent. HackerOne is ISO 27001, SOC 2, and FedRAMP certified, and GDPR compliant. Hai adheres to all existing security and compliance protocols applicable across the HackerOne platform. This includes strict authentication and authorization controls, governed integrations with vetted model providers, and safeguards that prevent customer and researcher data from being used to train or fine-tune third-party models. All inference requests are handled in a way that ensures data is processed securely, not retained by model providers, and not exposed across users or organizations.

Hai is subject to all of our existing high-level security and compliance protocols, which include:

  1. Role-based access controls (RBAC)

  2. System hardening

  3. Regular patching and maintenance

  4. Robust logging

  5. At least annual AI Red Teaming & Penetration Testing

But don't just take our word for it. We invite you and any third-party researchers to validate our controls by using Hai in our bug bounty program.

Does Hai provide explainable outputs and audit logs?

Yes. Hai maintains a record of all interactions through its conversation history feature. Questions and answers are stored on the HackerOne platform, allowing users with appropriate permissions to access historical conversations. This serves as an audit trail, capturing inputs and the corresponding outputs generated. Additionally, agent-based interactions (such as agentic validation or agentic security testing) are tracked via an agent log or agent trace, which provides a detailed account of what happened and why.

When generating responses to a user’s prompt, Hai uses only data from the program or programs that the user has permission to access. Hai adds context to help users understand the basis for its responses and ensures traceability for how conclusions are reached.

How is data stored and retained?

Data is stored and retained in accordance with HackerOne’s standard data retention policies, privacy policies, and terms. This data is safeguarded through our established security measures. Interactions are only stored on the platform to allow users with the proper permissions to access and view historical conversations related to their program.

How does HackerOne limit unintended GenAI outcomes (toxicity, hallucinations, bias)?

Our carefully selected model and AI inference providers, such as Anthropic and Amazon, manage change and release processes to identify, reduce, mitigate, and manage toxic outputs, hallucinations, and biases. The model/system cards provided by Amazon Titan, Anthropic Claude Opus 4.6, Anthropic Claude Sonnet 4.6, and Anthropic Claude Haiku 4.5 provide more information on these risks.

How does HackerOne train staff on AI regulatory requirements?

HackerOne employees receive training on AI best practices and regulatory obligations through our annual privacy training program. Additionally, in compliance with the EU AI Act, HackerOne meets AI Literacy training requirements for employees.

What is HackerOne's approach to AI risk tolerance and impact measurement?

HackerOne defines reasonable risk tolerances for AI systems, which are informed by laws, regulations, best practices, and industry standards. HackerOne also establishes policies to define mechanisms for measuring or understanding an AI system's potential impacts, e.g., via regular impact assessments at key stages in the AI lifecycle connected to system impacts and the frequency of system updates.

How does HackerOne govern the use of AI tools by Community Members?

Security researchers have quickly built, adapted, and improved the usage of emerging AI-based technologies across the platform. We call these AI-powered hacking tools Hackbots.

Community Members are creative, innovative, and independent service providers who may use assistive tools, like Hackbots, when participating in a customer’s program. Given the rise in the use of Hackbots, HackerOne has updated its guidelines for Community Members to reflect this innovation:

  • All Hackbots must operate within the published vulnerability disclosure guidelines of the programs they interact with and comply with HackerOne's Code of Conduct and Disclosure Guidelines.

  • AI tools are not allowed to operate fully autonomously. Our 'hacker-in-the-loop' model requires human experts to investigate, validate, and confirm all potential vulnerabilities before submitting them to any Vulnerability Disclosure or Bug Bounty Program.

  • Hackbot operators are fully responsible for their AI tools and must exercise due diligence to ensure compliance with platform rules and program guidelines.

  • Human operators using Hackbots qualify for applicable Rewards, just as if vulnerabilities were discovered through traditional means.

What is the Report Assistant Agent, and how does it support researchers?

The Report Assistant Agent is an on-platform AI capability that helps Community Members improve clarity, completeness, and reproducibility when writing vulnerability reports. It works only with content provided by the researcher, does not submit reports autonomously, and preserves the researcher’s full responsibility and ownership for each submission. All outputs remain subject to platform rules, program guidelines, and human-in-the-loop requirements.

How does HackerOne ensure the responsible use of Hai and researcher-operated AI tools?

HackerOne encourages careful human oversight and adherence to established disclosure practices. These guardrails support responsible innovation while protecting customers, researchers, and the broader ecosystem, and HackerOne continues to collaborate with the community to refine these practices as AI-accelerated hacking evolves.

How does HackerOne ensure AI providers meet your security requirements?

HackerOne applies the same rigorous security controls regardless of which AI provider processes a request. Every provider interaction flows through our authorization middleware, encryption layer, and audit logging. Your data receives identical protection regardless of which approved provider processes the request. The engine may differ, but the security envelope does not.

HackerOne maintains full transparency about AI providers through our published subprocessors list. Before any new provider can process customer data, they are formally added to this list. Customers subscribed to subprocessor notifications receive a 30-day notice of any additions, giving you visibility and time to review changes. This is the same process we use for all data processors—AI providers receive no special treatment or exemptions.

What if HackerOne changes its position on training LLMs with confidential customer data?

We understand and respect the significance of the confidential information you entrust to us. We do not currently train LLMs using confidential customer data. However, this is a fast-moving environment. If we ever consider doing so, we would only do so with customer permission.

How does HackerOne use AI beyond GenAI?

HackerOne leverages AI technologies beyond GenAI, including machine learning (ML) models and automation tools. These technologies enable systems to automatically learn and identify patterns, and to provide advanced capabilities such as predictive analytics, automation, personalization, and anomaly detection. For many years, HackerOne has used ML models and automation tools to analyze data, identify patterns, and improve accuracy in tasks such as vulnerability classification.
