Hai for Hackers
After a successful small Beta group, we have begun our rollout plan to enable Hai for our hacker community, starting with the HSP (278 additional hackers). Hai will help hackers write clearer and more impactful reports, saving them and our customers time. Hai will also help improve communication between hackers and security teams, overcoming language barriers and reducing back-and-forth messaging!
What we did:
Introduced Hai to the community, including a play:
Hai for Hackers play: Hackers can ask for help with explaining security concepts, justifying severity ratings, or structuring a proof-of-concept.
Writing Assistant: Instantly improve grammar, generate report titles, and create concise summaries directly within the submission workflow.
Vision Chat: The ability to upload images and screenshots to Hai Chat to get quick explanations or extract important information.
For any customer that has Hai disabled, we are also preventing hackers from loading, or asking questions about, any report belonging to that organisation.
Why we did it:
Better and faster reports, with clearer written and messaged communication, are a win for hackers and our customers. We received feedback from the community that they can spend significant time creating polished reports, especially if there is a language barrier, and there is often uncertainty about how to classify or justify the impact of their findings.
Here's how we're addressing those pain points:
Reducing the time and effort spent on writing, formatting, and polishing reports.
Leveling the playing field for any of our non-native English-speaking hackers.
Hai can act as a sounding board to improve confidence and consistency in report submission
Who it helps:
All hackers, but especially hackers earlier in their hacking journey, and hackers whose native language is not English.
How to use it:
Switch to hacker view, and Hai chat will be automatically available to those with it enabled.
Asset Type Filter Option
We’ve added a new Asset Type filter across key charts (this filter is already available for Custom Benchmarking). This enhancement gives customers more precise, self-service insights into their program performance by asset category.
What we did:
Introduced Asset Type filtering on the following dashboards (and connected charts on the Executive Dashboard):
Submissions Charts
Rewards Charts
Response Efficiency Charts
Executive Dashboard
Why we did it:
Customers often manage multiple asset types with different risk profiles. Without the ability to filter by asset type, it was difficult for them to isolate trends, analyse performance, or compare benchmarks meaningfully. Adding this filter:
Reduces reliance on CSMs for manual asset-type breakdowns.
Enables faster, more accurate customer analysis.
Provides a clearer link between asset categories and security outcomes.
Who it helps:
Program Managers, Analysts, and CISOs who want to drill into results by asset category for more relevant insights.
How to use it:
Navigate to Submissions, Rewards, or Response Efficiency dashboards or equivalent charts in the Executive Dashboard in Analytics.
Use the new Asset Type filter at the top of the chart to refine results by specific asset categories.
Custom Benchmarks on Bounty Table Charts
We’ve extended custom benchmark functionality to all severity-based bounty benchmarking tables, giving customers more complete and consistent self-service benchmarking.
What we did:
Custom benchmarks can now be applied to each of the Critical, High, Medium, and Low vulnerability bounty benchmarking tables. This closes a key, highly requested gap and ensures customers see their chosen peer groups.
Why we did it:
Customers want benchmarking tailored to their context without waiting on manual support. Previously, they could only apply custom benchmarks in certain places, forcing gaps in analysis and extra requests to CSMs. By extending coverage, we empower customers with greater self-service, deliver faster, more credible insights and reduce manual benchmarking requests to CSMs.
Who it helps:
Program Managers who need consistent, trustworthy benchmarking for bounty tables for decision-making and reporting.
How to use it:
To use Custom Benchmarks:
Navigate to Engagement -> <select chosen engagement> -> Dashboards -> Bounty Table Benchmarking. View the general benchmark or create your custom benchmark:
Click on a chart with the Explore button in the top right of the chart.
Scroll down to the Benchmarks section of the page and click Add benchmark.
Name the benchmark, select a measurement, and choose a colour for the line on the chart. Filters can be added by clicking Add filter. Filters include: Industry, Organization size: # of employees, Submission severity, Public vs. private programs, and performance percentile.
To finish, click Save.
Note that this will need to be completed separately for each chart against which a custom benchmark is desired.