Multi-Language Submission Forms
Embedded submission forms now support multiple languages, enabling researchers to submit vulnerabilities in their native language. This feature removes language barriers and makes it easier for global researchers to contribute to your security program with confidence.
What we did:
Built multi-language support for embedded submission forms that allows researchers to interact with your program in their preferred language.
The feature includes:
Language Selection - Researchers can choose from 9 supported languages: English, Français (French), Español (Spanish), Deutsch (German), Nederlands (Dutch), 中文 (Chinese), Indonesia (Indonesian), 한국인 (Korean), and แบบไทย (Thai)
Easy Configuration - Simple setup through Hacker Management > Embedded Form with language selection options allowing customers to decide which languages they want to enable
Who it helps:
Organizations looking to engage a broader community of researchers using consistent, localized language.
Teams seeking higher-quality submissions by allowing researchers to contribute in their preferred language.
Companies looking to scale globally without increasing operational complexity.
Hai Report Insights (Open Beta)
Hai Report Insights enhances every vulnerability report with additional context to speed up validation, clarify impact, and guide remediation. It provides automated assessments, visual summaries, and links to similar reports so you can act quickly, consistently, and confidently.
What we did:
Built an AI agent that adds contextual information to every vulnerability report using past similar reports. The insights contain 3 key sections:
Report Assessment - Provides structured vulnerability summaries including discovery method, risk assessment, and likely impact areas (data exposure, privilege escalation, etc.) with confidence scores to help evaluate reliability and support consistent severity classification
Similar Reports - Surfaces previously resolved reports with shared characteristics, explaining the basis of similarity and highlighting key differences to help avoid duplicates, validate severity, and learn from past resolutions
Attack Scenario Diagram - Generates visual UML-style breakdowns of exploit paths from initial condition to potential impact, making vulnerabilities more accessible to development teams and enabling faster alignment on remediation strategies
Why we did it:
Security teams told us that vulnerability reports often lack the context needed for quick decision-making. We built Hai Report Insights to automatically provide the additional context, assessments, and connections that enable teams to act quickly, consistently, and confidently on every vulnerability report.
Who it helps:
Security teams looking to accelerate vulnerability validation and response times
Security analysts who need clearer impact assessment and remediation guidance
Organizations wanting to ensure consistent vulnerability handling across their teams
How it works:
Learn more about Report Insights and how it works by checking out our doc page!
Analytics Data Migration
We have updated how analytics data is accessed within the HackerOne Core application to eliminate data delays, reduce errors, and simplify development. This change reduces the analytics refresh rate within the platform and re-enables the ability to filter charts by custom fields.
What we did:
We migrated key analytics tables directly into the Core application’s database, removing the dependency on the dual connection between Snowflake and Postgres. This eliminates the asynchronous replication process that previously caused data integrity issues and delays. With analytics now living natively in Core, data access is faster, cleaner, and more consistent.
Why we did it:
The old architecture led to frequent replication failures, stale data, and high maintenance overhead, impacting internal development and the customer experience. Developers faced complex workflows and long lead times to ship updates, while customers sometimes saw outdated or inconsistent analytics. This change was necessary to ensure reliable real-time data, support faster feature development, and reduce technical debt.
Who it helps:
This improvement benefits multiple teams and users:
Customers will see faster, more accurate analytics and the ability to filter charts by custom fields.
CSMs and Sales who can confidently rely on up-to-date dashboards for customer conversations and demos.
Engineering teams now have a simpler, more scalable data architecture and faster development workflows.
How to use it:
To access and utilise custom fields as a filter:
Go to Program Dashboard > Explore.
Select the appropriate variables, including filtering by Custom fields values and set the filters.
Once specified, you can drill down into your data to see how your program has been performing.
Hai-Powered Automation Help Now Available in the Code Editor
Writing automation just got easier. We’ve added a Build your automation with Hai button directly above the code editor in both the creation and editing workflows. With one click, users can get help from Hai, making it easier to build and refine automation scripts using the HackerOne Platform.
What we did:
Added a "Build your automation with Hai" button in the automation code editor
The button appears in both the "create" and "edit" flows
Clicking it opens a Hai conversation using the Hai Automation Builder play.
The play is system-wide enabled and provides targeted guidance for building automations.
Why we did it:
Writing automation scripts can be complex, especially when many other tasks are also waiting for you. This feature brings assistance into the editor page itself, providing on-demand help powered by Hai.
Who it helps:
Security engineers creating advanced automations
Program owners customising automation behaviour
Anyone new to automation looking for a faster, guided experience
How to use it
Go to your organization’s Automation settings
Either Create a new automation or Edit an existing one
Click the Build your automation with Hai button above the editor to start a Hai session tailored to your automation task
"Explain this error" Button for Automation Logs
We've added contextual Hai buttons next to error messages in the automation logs, giving users one-click access to explanation and remediation guidance. This helps reduce friction when troubleshooting automation failures.
What we did:
Added an "Explain this error" button next to automation log entries that show an error
Clicking the button opens a helpful explanation and next steps for resolving the issue
The button only appears when an error is detected
Why we did it:
To improve the debugging experience for users working with automation logs. It helps users resolve issues faster by surfacing guidance exactly where it's needed. It's a step toward building more self-service support directly into the product.
Who it helps:
Anyone using automation in their workflows
Users reviewing logs to investigate automation failures
Program managers trying to improve automation reliability
How to use it:
1. Go to your automation log view
2. Look for entries labeled ERROR
3. Click the Explain this error button to view troubleshooting guidance
Findings 🎉
All your findings in one place! Instead of managing reports in separate inboxes, you can filter, sort, and organize everything in one place.
We empower customers to take control of vulnerability prioritization in Findings with advanced filters, sorting, and customizable views. Users can segment reports or view all findings across the organization, enabling quick access to actionable insights and faster resolution of critical issues.
What we did:
We created a centralized view to help users quickly identify and prioritize urgent reports across all engagements, assets, and teams.
Added flexible search capabilities and customizable display options streamline the process, allowing for precise filtering, tailored views, and better visibility into vulnerability status.
Introduced boards enabling users to save and manage multiple report views for easier prioritization and remediation.
Why we did it:
Customers faced challenges managing vulnerabilities across multiple inboxes and engagements, leading to prioritization gaps and slower resolutions. The limited search and filter options made it difficult to refine reports, and the spread of key details across multiple pages slowed decision-making. Multiple views lacked the flexibility needed for effective prioritization and remediation across different teams, assets, and workflows.
Who it helps:
Customers managing multiple teams and programs can now use a single view to optimize the prioritization of vulnerability findings. Additionally, all customers can take advantage of customizable views and enhanced search functionality for more efficient management and decision-making.
Learn more about it in our blog or how to use it in our Findings doc!
External Connectors for Automations (Beta)
Customers can now build automations into any tool of their choice, providing them greater flexibility and empowering them to streamline workflows on their own terms.
What we did:
We extended automations functionality to remove restricted access to HackerOne integrations only. Now, customers can automate tasks between the HackerOne platform and applications of their choice with the use of Secrets. These Secrets are securely stored and encrypted with a key only accessible to our customers.
Why we did it:
Customers have requested the ability to create automations that integrate tightly with their tools of choice and unlock major improvements in vulnerability elimination workflows.
Who it helps:
Enterprise and Professional customers looking to minimize repetitive, manual tasks between the HackerOne platform and Internal applications.
Learn more in our doc.
Secure Code Warrior Integration
Customers can now identify root causes leading to vulnerabilities in their code and arm their developers with targeted, hands-on training from Secure Code Warrior’s pre-built learning modules to help their teams understand where issues are originating and how to prevent similar vulnerabilities in the future. This integration helps customers address real vulnerabilities, boost code quality, and stop security issues earlier in the software development lifecycle. Available directly through the HackerOne Platform and supported developer tools.
What we did:
Based on HackerOne vulnerability findings, HackerOne reports will link to recommended Secure Code Warrior pre-built learning modules. Because developers are not typically in the HackerOne Platform, this data is also available directly in developer tools like Jira, GitLab, and ServiceNow. This ensures developers have easy access to the most relevant training.
Why we did it:
Customers told us, “It is not enough for security providers to find problems; they must define solutions to drive risk reduction and close the loop on fixing issues.” We took action by helping them identify developer upskilling needs to prevent vulnerabilities.
Who it helps:
Enterprise and Professional customers looking to prevent vulnerabilities by upskilling the development teams with targeted learning.