Hai - AI Copilot

Customers: Hai - Your intelligent co-pilot within HackerOne


Overview

Streamline and enhance your vulnerability management process with HackerOne’s GenAI Copilot, Hai. By integrating AI capabilities directly into our platform, Hai enhances security processes for organizations facing ever-changing cyber threats.

Hai provides deeper insights into vulnerability reports, enhancing understanding and enabling faster remediation. It effortlessly translates natural language into precise queries, enriches vulnerability reports with relevant context, and generates insightful recommendations using platform data.

Key Benefits

Strengthen Understanding

Hai decodes complex reports, providing succinct summaries and detailed visual analyses, fast-tracking your team's understanding and response capabilities.

Improve Communication

Hai acts as a communication bridge, clarifying technical details and remediation steps and enabling seamless collaboration between security teams, development teams, and hackers.

Accelerate Remediation

Hai streamlines find-to-fix cycles with targeted insights and personalized advice, optimizing remediation and harnessing unique business knowledge for faster, smarter action.

Streamline your SDLC

Hai elevates your SDLC, offering custom vulnerability scanner templates, API integrations, and dynamic automation for faster, smarter security processes.

How it Works

Hai is embedded in the HackerOne platform and can be used on any report you can access. Hai functions as a copilot to your workflow and aims to improve your efficiency when using the platform. Interacting with Hai works similarly to other GenAI tools: once you ask a question or send a prompt to Hai, it processes your input within our infrastructure and generates a response.

On-Demand Assistance

Navigating and interpreting complex security reports is time-consuming, often delaying critical response actions and decision-making within teams.

Whether faced with intricate reports, complex proofs of concept, or technical details, Hai provides easily understandable explanations of vulnerabilities.

For example, you can ask Hai for help with:

  • Report summarization

  • Remediation advice

  • Content generation (comments/acknowledgments)

Use the Hai icon in the left-side menu to toggle Hai's chat interface.

[Screenshot: Hai button in the left navigation]

[Screenshot: Hai chat window]

Tailored Advice

Hai features ready-made prompt suggestions, offering immediate insights and a starting point for further queries. Currently, the suggestions include the following prompts:

  • Summarize report - Summarize the submitted report with the most relevant information

  • Suggested titles - Suggest alternative titles for the report

  • Scope exclusion - Check whether the reported asset is in scope or not

  • Reapply submission template - Reformat the vulnerability report using your submission template

  • Generate Nuclei template - Generate a Nuclei template for the vulnerability report

  • Remediation advice - Get advice on how to fix the vulnerability

  • Suggested CWE IDs - Suggest the most likely CWE IDs based on the report content

  • Acknowledge report - Write an acknowledgment to the researcher

  • Catch up on report - Catch up on the report and the subsequent activities

Click on each prompt for more detailed information or to ask follow-up questions. You can click on the yellow lightbulb icon in the bottom right corner at any time to bring up the prompt suggestions.

[Screenshot: New conversation window in Hai]

Attachment Analysis

When analyzing visuals in reports and proofs of concept, it is easy to miss important details that are essential for accurate vulnerability assessment and remediation planning.

Hai supports images so you can better understand visuals in vulnerability reports and proofs of concept.

  • Get concise explanations of what's depicted in images.

  • Ask Hai to pull specific information from visuals, such as HTTP requests or response IDs.

  • Have Hai convert information from images into usable formats, e.g., cURL commands.

[Screenshot: Hai image analysis results]

Writing Assistance

Poor communication between security teams, developers, and hackers post-triage makes vulnerability remediation less efficient.

Hai crafts clear and concise messages to hackers, improving communication and collaboration across language barriers. It also enhances collaboration between security and development teams, promoting a more integrated security approach.

[Screenshot: Hai writing assistance results]

Enabling Hai

Hai is available to all HackerOne customers as an opt-in feature. Organization admins can enable Hai from Organization Settings -> Hai. After turning on Hai, all members within the organization will be able to use Hai.

FAQ

  • Are you using my data to train Hai?

    • We do not use your private data to train our models. Check out our blog post for more information.

  • Is Hai based on a public LLM?

    • Hai is not built on a multi-tenant LLM. We use Anthropic and Amazon Titan models deployed within AWS through Bedrock. We have designed the system to prevent AI prompts or private vulnerability information from leaving HackerOne infrastructure or being transmitted to any third party. We have considered availability, stability, and service continuity when building our gen AI strategy.

  • How are you making sure my vulnerability data stays safe?

    • In addition to the security standards above, our approach lets you make your private data available to the model at inference time with techniques such as Retrieval-Augmented Generation (RAG). This ensures your data remains secure, confidential, and private to you and your interactions.

  • Is there a cost associated with using Hai?

    • No. There is no additional cost for using Hai, and you can enjoy unlimited usage.
