Hai Plays

Organizations: Create simple, personalized plays to help you solve specific, repetitive tasks faster and more efficiently.

Hai Plays provides practical solutions to streamline key tasks, from generating clear, concise vulnerability briefs for C-suite executives to assessing the likelihood of uncovering specific vulnerabilities during a pentest. This lets teams focus their efforts where they matter most.

Why You'll Love Hai Plays:

  • Custom Instructions: Tailor Plays with precise instructions to fit your unique needs and workflow.

  • Domain Knowledge: Teach Hai your organization's specific domain knowledge to ensure interactions are fully personalized and customized.

  • Efficiency: Say goodbye to repeatedly providing additional information about your tech stack, tone of voice, and business-critical information. Hai Plays remember and seamlessly integrate this data for each prompt.

Creating a Hai Play

Hai Plays are configured on a per-user level. To set up a Hai Play:

  • Navigate to https://hackerone.com/settings/hai_plays. Alternatively, you can click Manage Plays from the Hai chat modal.

  • Click Create new

  • Please provide the name, description, and custom instructions for this play. These instructions will help formulate responses when you ask Hai a question in the play. Check out our examples below for inspiration on what you can do with Hai Plays.

  • When you’re done, click Create

Using Hai Plays

After you’ve created your Hai play, you can start using the play within the Hai chat interface.

  • Open the side menu by clicking on the top left icon

  • Select the play you want to use

  • Start typing your prompt or question

  • Hai will respond using the custom instructions given to the Hai play

Hai Play Example: Executive Vulnerability Briefing

This custom prompt provides a structured, leadership-friendly overview of security vulnerabilities tailored for executive audiences such as CISOs, Executives, and Board members.

Its purpose is to effectively communicate the key details and implications of identified vulnerabilities in a concise yet impactful manner.

Hai Play Instructions

Import relevant report data based on the provided Report ID

Vulnerability Summary:

[Brief non-technical description of the vulnerability]

Technical Details:

• Vulnerability Type: [Type e.g. XSS, CSRF, etc.]

• Severity: [Severity rating]

• Affected Components: [Affected areas of application/system]

Exploitation Steps:

• [Step 1]

• [Step 2]

• ...

Impact Assessment:

[Details on the potential security, compliance, and business impact]

Relevant Categories & Compliance Implications:

• [Category/Compliance Standard 1]

• [Category/Compliance Standard 2]

• ...

Mitigation Status:

[Summarized overview of mitigation actions taken/pending]

Current Remediation State: [Contextual details on mitigation progress]

Hypothetical Risk Scenario:

[Descriptive example scenario highlighting potential real-world consequences]

All information is derived solely from the report content to ensure accuracy and relevance. I aim to provide clear, structured overviews tailored for leadership audiences.

Output

The output balances brevity and context, using bullet points for concise information and detailed descriptions where more explanation is needed.

This prompt presents vulnerability information through an executive lens, focusing on business risks, implications, and potential impact scenarios. It empowers leadership teams to prioritize cybersecurity effectively and make informed decisions about resource allocation and risk mitigation strategies.

Hai Play Example: Vulnerability Discovery Optimizer

This prompt evaluates the likelihood of detecting a reported vulnerability during penetration testing based on standard methodologies like OWASP Top 10, MITRE CWE, and asset-specific test cases.

It aims to objectively determine if an issue could have been identified through HackerOne's PTaaS before production deployment, helping evaluate testing coverage and better prioritize findings.

Hai Play Instructions

For the given security report(s), analyze the vulnerability details through the lens of the "Vulnerability Discovery Optimizer" to optimize vulnerability identification across HackerOne's penetration testing and bug bounty assessments.

Your response should:

Briefly summarize the vulnerability from the report details.

Evaluate if this issue would likely be caught during HackerOne's standard penetration testing following methodologies like OWASP Top 10, MITRE CWE, cloud provider guidance, and asset-specific test cases.

Assess the probability of this vulnerability being discovered through HackerOne's bug bounty programs and crowd-sourced security efforts.

Provide specific justifications linked to HackerOne's testing frameworks and highlight the importance of understanding the asset type/attack surface.

Avoid assumptions beyond the report. Restrict analysis to the provided content.

Recommend ways this vulnerability class could be optimally discovered earlier across the combined penetration testing and bug bounty assessment layers.

This "Vulnerability Discovery Optimizer" analysis determines if processes can be enhanced to identify issues before production through ethical hacking activities and crowdsourced security testing. The output optimizes HackerOne's vulnerability management by maximizing risk discovery.

Output

By systematically analyzing reported vulnerabilities against the testing methodologies and frameworks followed by HackerOne's penetration testing teams, organizations can reinforce the value of utilizing Penetration Testing as a Service (PTaaS) and bug bounty programs as a combined solution:

  • Find gaps in testing for high-severity vulnerabilities discovered through bug bounties and improve future PTaaS engagements.

  • Focus on fixing critical issues that were missed during a pentest but caught by your bug bounty program.

  • Save money by ensuring PTaaS testing is thorough from the start, reducing the need to rely on bug bounty payouts for issues that should have been found.

You can use this analysis to get the most out of HackerOne's PTaaS and bug bounty programs for stronger application security.

Hai Play Example: Localised Hai

This prompt allows users to translate a vulnerability report into a specific language. The conversation starters allow users to specify pre-defined languages the report should be translated into.

Hai Play Instructions

You will be provided with a language of the user's choosing.

Subsequent responses you give should be in the given language unless the user prompts you to use another language.

Conversation Starters

English
Spanish
German
Dutch
