Never miss a high-impact threat. The Prioritization Agent automatically identifies vulnerability reports that require immediate attention and surfaces them to your team through the platform and your preferred notification channels.
After a report is validated by the Validation Agent, the Prioritization Agent analyzes it to determine urgency. It evaluates sensitive data exposure, business impact, and exploitation complexity, then applies your organization's custom rules to identify the findings with the greatest risk so they get immediate attention.
Note: The Prioritization Agent only analyzes reports that have been validated by Agentic Validation. This ensures your team focuses on confirmed vulnerabilities, reducing noise from invalid or incomplete submissions.
What the Prioritization Agent Evaluates
The agent performs a comprehensive analysis across multiple dimensions to determine whether a report warrants priority attention:
Dimension | What It Assesses |
PII Exposure Risk | Could this vulnerability expose customer or user personal data? |
Vulnerability Type | What kind of vulnerability is this? (RCE, SQL injection, IDOR, XSS, etc.) |
Exploitation Complexity | How easily could an attacker exploit this? |
Attack Chains | Could this combine with other open vulnerabilities to increase impact? |
Custom Business Rules | Does your organization have specific prioritization rules? |
Historical Context | Are there related reports or duplicates? |
How the Analysis Works
The Prioritization Agent uses five sequential analysis steps to build a complete risk picture:
1. Custom Instructions Check
The agent first checks if your organization has configured custom prioritization rules. These rules let you tailor escalation criteria to your specific risk profile and business context.
Example custom rules:
"Reports mentioning our payments API should always be high priority."
"PCI-related assets should be treated as high priority."
"Reports from internal pentests should not be flagged as high priority."
2. PII Detection Analysis
The agent evaluates whether the vulnerability could expose personal data. It examines the vulnerability type, affected asset, and evidence provided to assess PII risk.
The agent distinguishes between:
High risk: Proven unauthorized access to other users' data
Lower risk: A researcher testing with their own data, theoretical access without proof, or publicly available information
3. Attack Chain Analysis
The agent checks for other recent reports on the same asset that, when combined, could create a more severe attack. This identifies situations where individually moderate issues become critical when chained together.
4. Complexity Analysis
The agent assesses how easily an attacker could exploit the vulnerability. Lower complexity means higher urgency, as more attackers could potentially exploit it. The analysis considers required skills, reproduction steps, and whether automated exploitation is possible.
5. Priority Determination
Finally, the agent synthesizes all analysis results to determine whether the report meets the threshold for prioritization. Reports meeting this threshold are automatically flagged for priority review.
Viewing Priority Recommendations in the Platform
When the Prioritization Agent identifies a report as high priority, you can view and act on the recommendation directly in the platform.
Accepting a Recommendation
Click Accept to confirm the agent's assessment. This action:
Records your confirmation in the audit trail
Updates the report metadata
Displays a confirmation notification
Rejecting a Recommendation
When you reject a recommendation, you'll be prompted to provide feedback by selecting one of the following:
"The priority assessment is incorrect."
"Missing important context."
"Other" (with space for additional details)
This feedback helps improve the agent over time.
Note: Rejecting a recommendation does not change the report itself—it simply records that you disagreed with the agent's assessment.
Report Detail Page
When viewing a report that the agent has analyzed, you'll see a Priority Recommendation Panel containing:
Priority indicator — A clear badge showing whether the report is flagged as high priority or standard priority
Reasoning summary — A brief explanation of why the report was assessed this way
Action buttons:
Accept — Confirm the recommendation
Reject — Decline with feedback
View Reasoning — See the full analysis details
After you take action, the panel displays who handled the recommendation and the decision made.
Configuring Custom Instructions
You can configure organization-specific rules that customize how the Prioritization Agent evaluates reports for your program.
To configure custom instructions:
Navigate to Organization Settings > Hai
Find the Prioritization Agent section
Enter your custom instructions in the text field
Save your changes
What you can customize:
Vulnerability type priorities (e.g., "RCE in production environments should always be high priority")
Asset-specific rules (e.g., "Reports affecting the payments API should be high priority")
Business context (e.g., "During compliance audits, be more cautious about flagging PII-related issues")
Business context (e.g., "hackerone.com is a crown jewel asset")
Exclusion rules (e.g., "Internal pentest reports should not be flagged as high priority")
Setting Up Escalation Notifications
In addition to seeing priority recommendations in the platform, you can configure automated notifications to alert your team through external channels when high-priority reports are identified.
These notifications are sent immediately when the agent flags a report as high priority—your team doesn't need to be in the platform to be alerted.
Prerequisites
To set up escalation notifications, your organization must have one of the following product editions:
Platform Enterprise
Enterprise
Pentest Premium hours
Creating an Automation
Navigate to Organization Settings > Automations
Click New automation
Search for the Early Warning template
Select your preferred integration and follow the configuration steps below
Slack
HackerOne supports two types of Slack webhooks: incoming webhooks and workflow trigger webhooks.
Incoming Webhooks (URL contains /services/):
Follow Slack's documentation to create an Incoming Webhook
Copy the webhook URL
Paste it into the HackerOne automation configuration
Save the automation
Workflow Trigger Webhooks (URL contains /triggers/):
Create a Slack Workflow with a webhook trigger
Copy the trigger URL
Paste it into the HackerOne automation configuration
Save the automation
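A pre-flight check for the Slack URL before it is pasted into the automation, as an added example (not HackerOne or Slack code). It tells the two webhook types apart by path, as described above, and also pins the scheme and host, since a bare "contains /services/" test would accept a lookalike domain. The function names are hypothetical, hooks.slack.com is assumed as the host Slack issues both URL types on, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

SLACK_WEBHOOK_HOST = "hooks.slack.com"  # assumed host for both Slack webhook types
KINDS = {"services": "incoming", "triggers": "workflow_trigger"}


def classify_slack_webhook(url: str) -> str:
    """Return 'incoming' or 'workflow_trigger'; raise ValueError if the URL is unsafe."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("webhook URL must use https")
    if parts.username or parts.password:
        # e.g. https://hooks.slack.com@other.example/... resolves to other.example
        raise ValueError("userinfo in URL hides the real host")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    # Exact host match: substring checks accept hooks.slack.com.other.example
    if (parts.hostname or "").lower() != SLACK_WEBHOOK_HOST:
        raise ValueError(f"unexpected host {parts.hostname!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[0] not in KINDS:
        raise ValueError("path must start with /services/ or /triggers/ plus a token")
    return KINDS[segments[0]]


def redact_webhook(url: str) -> str:
    """Form that is safe to log: the path after the type segment is a bearer secret."""
    parts = urlsplit(url.strip())
    first = next((s for s in parts.path.split("/") if s), "")
    return f"{parts.scheme}://{parts.hostname}/{first}/<redacted>"


if __name__ == "__main__":
    # Constructed sample URLs with placeholder tokens
    for sample in (
        "https://hooks.slack.com/services/T0000/B0000/EXAMPLE",
        "https://hooks.slack.com/triggers/T0000/1111/EXAMPLE",
        "https://hooks.slack.com.other.example/services/T0000/B0000/EXAMPLE",
    ):
        try:
            print(classify_slack_webhook(sample), redact_webhook(sample))
        except ValueError as err:
            print("rejected:", err)
```

Anyone holding the full URL can post to the channel, so store it like a credential and log only the redacted form.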
Email
Enter the recipient email addresses, separated by commas
Save the automation
Microsoft Teams
In Power Automate, create an Instant or Automated cloud flow
Add the trigger When an HTTP request is received
Add an action: Post message in a chat or channel
Configure the Teams channel where you want notifications
Save the flow and copy the generated callback URL
Paste the URL into the HackerOne automation configuration
Save the automation
PagerDuty
In PagerDuty, create a new service or use an existing one
Add an integration with the type Events API V2
Copy the Integration Key
In HackerOne, navigate to Organization Settings > Automations > Secrets
Add a new secret variable named pagerduty_integration_key with your Integration Key
Return to the automation configuration and save
General Webhook
Enter your webhook URL
Save the automation
API Access
Prioritization Agent data is available through the HackerOne API for teams that want to integrate recommendations into their own workflows or tooling. See the API documentation for details on available fields and queries.

