HackerOne launches AI platform to close security gap

HackerOne has launched the H1 Platform, an AI-based security platform for continuous threat exposure management. The product is intended to help organisations close a widening gap between identifying software vulnerabilities and fixing them.

At the centre of the launch is HackerOne's argument that AI is changing the economics of software security. As more engineering teams use AI coding tools in daily work, the volume of vulnerabilities being identified is rising faster than many security teams can validate and remediate them.

Data cited by HackerOne shows vulnerability submissions increased 92% year on year. Critical and high-severity findings are also rising, while remediation throughput is lagging.

The new platform is designed to combine vulnerability discovery, validation, prioritisation and remediation in one system. It uses HackerOne's AI orchestrator, Hai, alongside its network of security researchers to assess exploitability and route confirmed findings into development workflows.

The platform integrates with tools including Jira, GitHub, ServiceNow, Azure DevOps and Linear. It also includes executive reporting for board-level and chief information security officer use, with metrics such as Return on Mitigation.

Discovery gap

The launch reflects a broader problem in cybersecurity operations. Automated tools can now surface weaknesses at increasing speed, but validation and repair remain constrained by engineering time, internal processes and the need to distinguish practical threats from theoretical ones.

HackerOne describes that imbalance as the discovery-remediation gap. It argues the challenge is becoming more acute as companies move from securing conventional software to securing AI systems themselves.

Recent surveys cited by HackerOne indicate that 73% of engineering teams now use AI coding tools every day. That shift has helped increase development speed, but it has also introduced new concerns about code quality, software supply chains and the security review burden on internal teams.

HackerOne said its platform applies AI agents across the full lifecycle of threat exposure management. That includes continuous testing across an organisation's attack surface, prioritisation based on exploitability and business impact, and automated workflows intended to move validated findings directly to developers.

Researcher role

A central part of HackerOne's model remains its external community of security researchers. According to the company, those researchers provide the adversarial testing needed to uncover business logic flaws and attack paths that automated systems may miss.

HackerOne drew a distinction between theoretical risk scoring and confirmed exploitability. It argues that combining AI systems with human researchers can help security teams focus on vulnerabilities that present a realistic route to compromise, rather than a large backlog of lower-value alerts.

"In a world reshaped by frontier AI models, security can't afford to be static, theoretical, or siloed. It must be continuous, validated, and tied to business impact," said Nidhi Aggarwal, Chief Product Officer, HackerOne.

"As exploit windows shrink and vulnerability volume accelerates, organisations need security systems that can continuously discover and validate what matters, prioritise action, and operationalise remediation at AI scale to continuously reduce cyber risk," Aggarwal said.

HackerOne also framed the launch as a strategic response to changes in enterprise demand. Companies are increasingly seeking security tools that can feed directly into software delivery systems and provide measurable evidence of risk reduction to senior management.

HackerOne said the H1 Platform is used by 1,300 organisations worldwide, including 20% of the Fortune 500 and a number of AI-focused businesses. Across its customer base, the company said it has helped mitigate more than $32 billion in exposure risk and cut mean time to remediate by about 80%.

"The AI era demands a new kind of security platform: agentic, continuous, and operating at the speed of the threat. The H1 Platform closes the discovery-remediation gap that defines this moment, built on the only foundation that could make it work: the simultaneous trust of the Fortune 500 and the world's largest community of security researchers, sustained over more than a decade," said Kara Sprague, Chief Executive Officer, HackerOne.

"As enterprises move from securing code to securing AI itself, the researcher community's role on this platform will only deepen," Sprague said.

One customer cited by HackerOne described a faster security process after adopting its approach. KOHO Financial said improvements in triage speed had changed how its team handled identified weaknesses.

"We went from a set-and-forget security program to one that actually keeps pace with how fast threats move," said Scott Brown, Security Lead, KOHO Financial. "Reducing median triage time by roughly 80% has changed everything. Our team focuses on what's confirmed and exploitable, and vulnerabilities get addressed before they become real risk."