HackerOne offers Hai Triage Services as a paid offering that customers can add to their BBP or VDP. Customers benefit from our in-house triage analysts and Agentic Validation by Hai. Together, they review submitted reports, update metadata, suggest severity and bounty, and provide a clear summary with reproduction steps to help teams remediate issues faster.
Hai Triage Process
Agentic Validation
Agentic Validation is an AI-powered system that assists HackerOne's triage workflow. It automatically reviews incoming reports within minutes of submission, performing initial classification and validation checks to accelerate the triage process.
What the agent does:
Assesses whether a report is likely valid, invalid, or requires further review
Classifies vulnerability type, severity, and affected assets
Recommends actions such as routing, closure reasons, or follow-up questions
Provides structured context to human analysts, including: Context (report background and relevant program details), Checks Performed (validation steps the agent completed), and Recommendations & Actions (suggested next steps)
What the agent does not do:
Make final triage decisions: all outcomes are reviewed or confirmed by human analysts
Communicate directly with hackers beyond the automated first response
Override analyst judgment on severity, bounty, or report validity
Agent identity: Automated responses from Agentic Validation appear under the @hackerone-agent account, labeled "BOT" in the UI. This distinguishes agent-generated messages from those written by human analysts.
First Response
The report is submitted to the New inbox queue.
Agentic Validation automatically reviews the report, typically within 5–15 minutes of submission. Based on its assessment, one of two paths is followed:
Auto-routed: The agent auto-completes intake and routes the report directly to the Hai Triage Validation team. An automated first response is posted by @hackerone-agent, acknowledging receipt and informing the researcher that the report has been forwarded for detailed validation. This automated message counts toward the first response SLA, which is often met in minutes rather than hours.
Manual intake: The report is queued for review by a human intake analyst. The agent's assessment and supporting details are visible in the analyst's UI to assist their review. The intake analyst then either closes the report with an appropriate response or forwards it to the validation team.
First response SLA targets:
24 hours for Enterprise programs (weekends excluded)
48 hours for Professional programs (weekends excluded)
The Hai Triage Validation team then performs an in-depth investigation and validation of the report. Human analysts always perform the final validation review, regardless of whether intake was automated or manual.
Needs More Information
Once a Hai Triage Analyst has reviewed the report, they may conclude that they need more information from the customer or the hacker.
If an analyst needs more information from the hacker:
The report status is changed to NMI (Needs More Info)
The analyst leaves a public comment to open dialogue with the hacker
There may be several back-and-forth exchanges in public comments
Once enough information is gathered, the analyst moves forward on the report to either close or validate it
If an analyst needs more information from the organization's team:
The H1 analyst leaves a public comment to let the hacker know they are reaching out to confer with the team
The H1 analyst assigns the report to the organization and leaves an internal-only comment for the organization's team to ask necessary questions
There may be several back-and-forth internal-only comments within the same conversation.
Once enough information is gathered, the Hai Triage analyst moves forward on the report (reference Scenarios 1 & 2 above)
Note: It’s best practice for the customer team to check their inbox daily, as we have a 2-business-day target for response to the Hai Triage team.
Validate or Close
After the analyst reviews and gathers additional information (if applicable), the analyst will either close or validate the report.
Valid
When a report is validated or deemed eligible for a reward:
The Hai Triage analyst will leave an internal-only Hai Triage summary on the report, including a summary of the issue, clear steps to reproduce, and an impact statement.
The analyst will suggest a severity based on CVSS and an award amount based on the bounty table in the program guidelines.
The report state is changed to Pending program review or Triaged depending on the program workflow.
The report is assigned to the program inbox queue for further action.
Closed
If a report is deemed invalid and marked as closed, it can affect the hacker’s reputation. A closed report may be marked as:
Duplicate
Informative
N/A
Spam
See our Report States document for more information.
Hai Triage Ratings
Hai Triage ratings allow HackerOne to measure performance, identify focus areas, and drive improvement. After each vulnerability report, hackers and customers can rate the overall report and experience on a scale of one through five, and even add comments for the HackerOne team.
