
HackerOne is advancing AI exposure management, announcing the evolution of its AI platform, Hai, from a security copilot into a fully agentic system. The company also introduced the general availability of HackerOne Code, an AI-native code security solution built to detect and remediate vulnerabilities earlier in the software lifecycle.
Together, the launches signal HackerOne’s growing emphasis on continuous threat exposure management (CTEM), an approach that merges offensive testing, automation, and human expertise to help organizations stay ahead of fast-moving risks in modern, AI-driven environments.
AI Agents for Continuous Risk Reduction
Hai now operates as a coordinated team of AI agents designed to work alongside security and development teams. These agents continuously analyze vulnerability data, prioritize risks, and contextualize findings to accelerate remediation.
Trained on more than 500,000 validated vulnerabilities from HackerOne’s global community of security researchers, Hai brings depth, context, and speed to exposure management workflows. According to the company, 70% of users cite time savings as the most tangible benefit, with some saving over 40 hours a month in manual validation and reporting tasks.
Hai’s agents each focus on specific aspects of the vulnerability lifecycle:
- Priority Escalation Agent identifies critical issues for immediate attention
- Deduplication Agent reduces noise by removing redundant findings
- Report Assistant Agent ensures reporting consistency and clarity
- Insight Agent surfaces historical intelligence to streamline validation
“Hai cut our validation time from 20 minutes to just 5,” said Connor Knabe, Application Security Architect, Veterans United Home Loans. “By replacing manual steps with clear context, we validate faster, clarify impact, and stay aligned.”
Code Security for the AI Development Era
The launch of HackerOne Code marks the company’s push into AI-native code security. Designed to operate “like a developer and think like a security researcher,” the platform integrates directly into developer workflows, scaling vulnerability discovery with a blend of AI-driven intelligence and human oversight.
By embedding validation earlier in the software development lifecycle, HackerOne Code enables organizations to shift left securely, mitigating risk before deployment without slowing innovation.
From Validation to Exploitability: The Next Phase
HackerOne also previewed its upcoming Agentic Pentest as a Service (PtaaS), a new capability that moves from validation to continuous, AI-driven exploitability testing. The system autonomously proves whether vulnerabilities can be exploited in real-world conditions, bridging the gap between detection and defense.
“Hai has been central to our vision for AI-powered offensive security, and today marks the next stage in its evolution,” said Nidhi Aggarwal, Chief Product Officer at HackerOne. “Powered by insights drawn from over a decade of offensive security experience, Hai’s new agents and Agentic PtaaS take organizations from validation to verified exploitability. In the AI era, secure development must be built in, not bolted on. HackerOne Code ensures developers can ship secure, validated code without slowing innovation.”