Hai Insight Agent
Hai Insight Agent enhances every vulnerability report with additional context to speed up validation, clarify impact, and guide remediation. It provides automated assessments, visual summaries, and links to similar reports so you can act quickly, consistently, and confidently.
What we did:
Hai Insight Agent is the first agent in Hai. We built an AI agent that adds contextual information to every vulnerability report using past similar reports. The insights include:
Report Assessment - Provides structured vulnerability summaries including discovery method, risk assessment, and likely impact areas (data exposure, privilege escalation, etc.) with confidence scores to help evaluate reliability and support consistent severity classification
Similar Reports - Surfaces previously resolved reports with shared characteristics, explaining the basis of similarity and highlighting key differences to help avoid duplicates, validate severity, and learn from past resolutions
Attack Scenario Diagram - Generates visual UML-style breakdowns of exploit paths from initial condition to potential impact, making vulnerabilities more accessible to development teams and enabling faster alignment on remediation strategies
Report Summary - Generates comprehensive high-level summaries that pull from all report activity and discussion, providing a complete, shareable view of what was found, reproduction steps, and business impact to streamline communication across teams
Severity Suggestion - Independently analyzes report content to assess severity and compares against current ratings, highlighting any differences with detailed breakdowns of contributing factors to support consistent and well-reasoned severity classifications
Bounty Suggestion - Recommends bounty amounts grounded in the program's bounty table and informed by precedent from similar resolved reports, including clear rationale tied to identified severity to enable consistent and transparent reward decisions
Why we did it:
Security teams told us that vulnerability reports often lack the context needed for quick decision-making. We built Hai Insight Agent to automatically provide the additional context, assessments, and connections that enable teams to act quickly, consistently, and confidently on every vulnerability report.
Learn more on our Hai Insight Agent page.
Send Pentest Scoping Form Back to Draft (Beta)
We've launched a feature that allows our internal teams (SEs/TEMs) to send a submitted Pentest Scoping Form back to a customer for corrections. This helps ensure scopes are accurate and makes the pentest setup process smoother.
What we did:
We added a new "Needs changes, back to draft with comments" option for our internal teams (SEs, TEMs) reviewing a form. When selected, they can leave notes for the customer detailing the required changes. The customer receives an email notification with a direct link to their form. They can see the feedback at the top of the page, edit the form, and resubmit. For prospects, this also extends the form's expiration date by 30 days.
Why we did it:
Customers sometimes submit scoping forms with incomplete or incorrect information. This new process gives our teams a simple way to request corrections directly within the platform, rather than relying on offline communication. It's a clear and efficient way to resolve scoping issues so we can get pentests started correctly.
Who it helps:
SEs/TEMs: Gives them a clear process to request changes on a scoping form.
Customers/Prospects: Offers them clear, actionable feedback and an easy way to edit and resubmit their form.
How to use it:
For SEs/TEMs: In the review step, select the "Needs changes, back to draft with comments" option, write your feedback in the comment box, and submit.
For Customers: They will receive an email notifying them that the form has been returned. They can click the link in the email, review the comments at the top of the form, make the required edits, and resubmit.