At HackerOne, we envision a future where technology seamlessly integrates human intelligence at scale with the transformative power of Artificial Intelligence. AI is set to redefine how we harness technology, unlocking unprecedented capabilities and enhancing security program efficiency.
As part of our vision, we introduce Hai, HackerOne’s intelligent co-pilot, designed to make your journey through vulnerability reports and hacker interactions smoother and more insightful.
Synthesize Complex Vulnerability Data: Whether faced with intricate reports or technical details, Hai provides easily understandable explanations of vulnerabilities, enhancing comprehension and analysis.
Generate Powerful Nuclei Templates with Ease: Enhance Nuclei scanner consistency by asking Hai to craft customized templates, improving detection rates and preventing regressions.
Access Tailored Remediation Advice: Determine the best approach to fixing a vulnerability by analyzing it with Hai and receiving personalized remediation advice.
Improve Hacker Communication: Ask Hai to craft elegant and succinct messages to hackers on your behalf, enhancing collaboration.
How it Works
Hai is embedded in the HackerOne platform and can be used on any report you have access to. Hai functions as a co-pilot to your workflow and aims to improve your efficiency using the platform. Interacting with Hai works similarly to other GenAI tools: once you ask a question or send a prompt to Hai, it processes your input within our infrastructure and generates a response.
To open Hai, click on the robot icon with the title “HackerOne AI” in the left sidebar, and click on “Ask a question.” The Hai modal will open, and you can either enter your own question or use one of the suggestions provided by Hai. Click on the yellow lightbulb icon to toggle suggestions.
Resize the Hai window by clicking on the bottom right corner and dragging the window to the new size. You can also open Hai in a separate window by clicking on the icon in the top right corner.
The For You tab contains ready-made prompts, offering immediate insights and a starting point for further queries. Currently, the For You tab includes the following questions:
Triage summary - Summarizing the submitted report with the most relevant information
Suggested titles - Suggesting alternative titles for the report
Suggested CWE IDs - Suggesting the most likely CWE IDs based on the report content
Click on each question for more detailed information or to ask follow-up questions. We've designed this feature to be flexible, allowing you to create specific overrides for programs with unique requirements.
Hai may make mistakes; make sure to verify its outputs.
Use the thumbs up and thumbs down icons on a message to provide feedback on your interactions with Hai.
Are you using my data to train Hai?
We do not use your private data to train our models. Check out our blog post for more information.
Is Hai based on a public LLM?
Hai is not built on a multi-tenant LLM. We use Anthropic and Amazon Titan models deployed within AWS through Bedrock. We have designed the system to prevent AI prompts or private vulnerability information from leaving HackerOne infrastructure or being transmitted to any third parties. We have taken into account availability, stability, and continuity of service when building out our GenAI strategy.
How are you making sure my vulnerability data stays safe?
In addition to the security standards above, our approach lets you make your private data available to the model at inference time with techniques such as Retrieval-Augmented Generation (RAG). This ensures your data remains secure, confidential, and private to you and your interactions.
Is there a cost associated with using Hai?
Participation in the Hai Beta Program is cost-free, and you can enjoy unlimited usage. Please note that pricing is subject to change upon general availability.
What is Nuclei?
Nuclei is a fast scanner for exploitable vulnerabilities, designed to probe modern applications, infrastructure, cloud platforms, and networks, aiding in the identification and mitigation of vulnerabilities. At its core, Nuclei uses templates, expressed as straightforward YAML files, that describe methods for detecting, ranking, and addressing specific security flaws.