Hai - AI Copilot

Customers: Hai - Your intelligent co-pilot within HackerOne

Updated over a week ago

Overview

Streamline and enhance your vulnerability management process with HackerOne’s GenAI Copilot, Hai. By integrating AI capabilities directly into our platform, Hai enhances security processes for organizations facing ever-changing cyber threats.

Hai provides deeper insights into vulnerability reports, enhancing understanding and enabling faster remediation. It effortlessly translates natural language into precise queries, enriches vulnerability reports with relevant context, and generates insightful recommendations using platform data.

Key Benefits

Strengthen Understanding

Hai decodes complex reports, providing succinct summaries and detailed visual analyses, fast-tracking your team's understanding and response capabilities.

Improve Communication

Hai acts as a communication bridge, clarifying technical details and remediation steps, enabling seamless collaboration between security, development teams, and hackers.

Accelerate Remediation

Hai streamlines find-to-fix cycles with targeted insights and personalized advice, optimizing remediation and harnessing unique business knowledge for faster, smarter action.

Streamline your SDLC

Hai elevates your SDLC, offering custom vulnerability scanner templates, API integrations, and dynamic automation for faster, smarter security processes.

How it Works

Hai is embedded in the HackerOne platform and can be used on any accessible reports. Hai functions as a copilot to your workflow and aims to improve your efficiency using the platform. Interacting with Hai works similarly to other GenAI tools; once you ask a question or send a prompt to Hai, it will process your input within our infrastructure and generate a response.

On-Demand Assistance

Navigating and interpreting complex security reports is time-consuming, often delaying critical response actions and decision-making within teams.

Whether faced with intricate reports, complex proofs of concept, or technical details, Hai provides easily understandable explanations of vulnerabilities.

For example, you can ask Hai for help with:

  • Report summarization

  • Remediation advice

  • Content generation (comments/acknowledgments)

Use the Hai icon on the left side menu to toggle Hai's chat interface.

[Image: Hai button in the left navigation]

[Image: Hai chat window]

Tailored Advice

Hai features ready-made prompt suggestions, offering immediate insights and a starting point for further queries. Currently, the suggestions include the following prompts:

  • Summarize report - Summarizing the submitted report with the most relevant information

  • Suggested titles - Suggesting alternative titles for the report

  • Scope exclusion - Check whether the reported asset is in scope or not

  • Reapply submission template - Reformat the vulnerability report using your submission template

  • Generate Nuclei template - Generate a Nuclei template for the vulnerability report

  • Remediation advice - Get advice on how to fix the vulnerability

  • Suggested CWE IDs - Suggesting the most likely CWE IDs based on the report content

  • Acknowledge report - Write an acknowledgment to the researcher

  • Catch up on report - Catch up on the report and the subsequent activities

Click on each prompt for more detailed information or to ask follow-up questions. You can click on the yellow lightbulb icon in the bottom right corner anytime to bring up the prompt suggestions.

[Image: New conversation window in Hai]

Attachment Analysis

Manually analyzing visuals in reports and proofs of concept can miss important details that are essential for accurate vulnerability assessment and remediation planning.

Hai supports image input, so you can better understand the visuals in vulnerability reports and proofs of concept.

  • Get concise explanations of what's depicted in images.

  • Ask Hai to pull specific information from visuals, such as HTTP requests or response IDs.

  • Have Hai convert information from images into usable formats, e.g., cURL commands.

[Image: Hai image analysis results]

Writing Assistance

Poor communication between security teams, developers, and hackers post-triage makes vulnerability remediation less efficient.

Hai crafts clear and concise messages to hackers, improving communication and collaboration across language barriers. It also enhances collaboration between security and development teams, promoting a more integrated security approach.

[Image: Hai writing assistance results]

Hai Plays

Hai Plays offers practical solutions to streamline critical tasks, from generating a clear, concise vulnerability brief tailored for C-suite executives to assessing the likelihood of uncovering specific vulnerabilities during a pentest, which lets teams focus their efforts where it matters most.

Why You'll Love Hai Plays:

  • Custom Instructions: Tailor plays with precise instructions to fit your unique needs and workflow.

  • Domain Knowledge: Teach Hai your organization's specific domain knowledge to ensure interactions are fully personalized and customized.

  • Efficiency: Say goodbye to repeatedly providing additional information about your tech stack, tone of voice, and business-critical information. Hai Plays remember and seamlessly integrate this data for each prompt.

Enabling Hai

Hai is available to all HackerOne customers. Organization admins can toggle Hai's availability from Organization Settings -> Hai. After turning on Hai, all members within the organization will be able to use Hai.

FAQ

For an overview of the HackerOne approach to AI, please visit our Responsible AI blog here

For the purpose of this Hai FAQ, we will refer to the content that is generated by the AI in our services as “Output.” This FAQ is limited to the AI architecture of Hai, HackerOne’s copilot that offers generative AI capabilities to its users.

Hai is a virtual generative AI assistant that enhances the user experience by offering proactive suggestions and an open-ended chat interface to ask questions. Typical use cases include getting tailored vulnerability advice, automating vulnerability detection, summarizing reports, suggesting report responses, and improving the legibility of text.

How does HackerOne use AI in Hai for customers?

Hai leverages generative AI. It uses a Large Language Model (LLM) from the Anthropic Claude family in conjunction with vector embedding models from the Amazon AWS Titan family. These models are hosted within HackerOne’s own infrastructure.

How is my (vulnerability) data being used?

Your data is currently not used to train or fine-tune the LLMs or vector embedding models used for Hai.

We use third-party pre-trained LLMs hosted within HackerOne’s infrastructure. To optimize security and privacy protocols, we use models (e.g., Anthropic and Amazon Titan) deployed within HackerOne’s own AWS infrastructure through AWS Bedrock. We use industry-standard methods such as prompt engineering, tool use, and Retrieval-Augmented Generation (RAG) to provide your data to the models at inference time, which keeps these models stateless so that they do not retain any of your sensitive or confidential information.

How does Hai work?

Hai is embedded in the HackerOne platform. Every question asked of Hai first goes through a pre-processing step that extracts heuristics and its semantic relevance to other platform information before anything is sent to the LLM. The system then uses this information to retrieve data through the HackerOne GraphQL API. This architecture was chosen to ensure that Hai does not circumvent the access controls that already exist in the platform. Hai only builds a prompt for the LLM once it has retrieved the information it requires to generate a response. It processes your input solely within HackerOne’s infrastructure and returns a response.

If we use Hai, will my customer data be shared with third parties?

No, your information remains within HackerOne’s infrastructure, and the use of Hai does not disclose confidential information or proprietary information to unauthorized third parties.

How are you making sure customer data, in particular vulnerability data stays safe, when using Hai?

We have designed Hai to ensure your data stays in your control and never leaves HackerOne without your consent. HackerOne is ISO 27001, SOC 2 and FedRAMP certified as well as GDPR compliant, and Hai is subject to all of our existing high-level security and compliance protocols.

The Hai architecture leverages existing HackerOne APIs to ensure it respects existing access controls within the platform. APIs are used within the context of the user that asked a question to Hai. This means that information that the user has access to in the platform may be sent to Hai at inference time for it to generate a response.
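The retrieve-then-prompt pattern described in the two answers above (context is fetched through the platform API in the asking user's context, and a prompt is built only once that retrieval succeeds) as an added illustration that is not HackerOne's code: the report store, membership table, `api_get_report` and `build_prompt` are all constructed stand-ins, not the HackerOne GraphQL API.

```python
from typing import Dict, List, Optional

# Constructed sample data: reports owned by two different programs.
REPORTS: Dict[int, Dict[str, str]] = {
    101: {"program": "acme", "title": "IDOR on /api/orders", "body": "order ids are sequential"},
    202: {"program": "globex", "title": "Stored XSS in profile", "body": "bio field is unescaped"},
}
# Constructed membership table standing in for the platform's own ACL.
MEMBERSHIP: Dict[str, set] = {"alice": {"acme"}, "bob": {"globex"}}


class AccessDenied(Exception):
    """Raised by the API stand-in when the platform ACL rejects the read."""


def api_get_report(user: str, report_id: int) -> Dict[str, str]:
    """Hypothetical API call evaluated in the requesting user's context.

    The ACL check lives here, in the data layer, so the copilot cannot
    reach data the user could not open in the platform themselves.
    """
    report = REPORTS.get(report_id)
    if report is None or report["program"] not in MEMBERSHIP.get(user, set()):
        raise AccessDenied(f"{user} cannot read report {report_id}")
    return report


def extract_report_ids(question: str) -> List[int]:
    """Heuristic pre-processing step: pull '#<id>' references out of the question."""
    return [int(tok[1:]) for tok in question.split()
            if tok.startswith("#") and tok[1:].isdigit()]


def build_prompt(user: str, question: str) -> Optional[str]:
    """Retrieve every referenced report as `user`; build the LLM prompt only if all succeed.

    Returns None (no LLM call at all) if any referenced report is inaccessible,
    so a denied read never leaks even partial context into the prompt.
    """
    context: List[str] = []
    for rid in extract_report_ids(question):
        try:
            report = api_get_report(user, rid)
        except AccessDenied:
            return None
        context.append(f"Report #{rid} [{report['program']}] {report['title']}: {report['body']}")
    if not context:
        return None  # nothing retrieved, nothing to ground the answer in
    return "Context:\n" + "\n".join(context) + f"\n\nQuestion: {question}"
```

Because the prompt is assembled per request from freshly retrieved data and nothing is cached between calls, the model itself stays stateless with respect to report content.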

Although our approach to security and AI is no different from how we approach any data on our platform, we understand that there is currently a spotlight on AI and that you may have additional questions. If you have any further questions, we would be happy to discuss these in more detail. For additional information you can also read more about HackerOne’s approach to security here.

Who owns the data after it's input into Hai?

Data that a customer owns and makes available to HackerOne for the purposes of the Services will remain the property of the customer. HackerOne remains the owner of its intellectual property within its services.

The customer always remains the owner of the customer data input and HackerOne remains the owner of its services and any HackerOne material which might be included in Output generated by the service. HackerOne then grants the customer a commercial license to access, use, and reproduce any such HackerOne property included in the Output.

How does data storage/retention work for information input into Hai?

Information or customer data input into Hai is stored/retained in the same way as other data that is supplied by the customer for HackerOne services. It is subject to our terms and conditions, privacy policy, and internal data retention policies, among other policies and procedures we have in place to safeguard customer information and data.

Questions and answers are only stored on the platform as part of Hai functionality to surface historical conversations. This allows users with appropriate permissions to access historical conversations from their program on the platform to read back and use the data.

Can customers opt out of Hai?

Yes, your admins can choose to disable Hai functionality via Organization Settings > Hai Settings.
