HackerOne, a global leader in Continuous Threat Exposure Management (CTEM), has introduced a new offering aimed at helping enterprises manage a rapidly growing challenge in cybersecurity: the surge of vulnerabilities uncovered by advanced AI systems. The product, called h1 Validation, is designed to help organizations determine which security findings are truly exploitable and require immediate action.
The announcement comes as AI models such as Claude Mythos and OpenAI’s GPT-5.4-Cyber are dramatically increasing both the speed and scale of vulnerability discovery. While this has improved visibility into potential weaknesses, it has also created a widening gap between identifying issues and fixing them. At the same time, attackers are moving more quickly to exploit those weaknesses.
Recent data from HackerOne highlights the scope of the issue. Vulnerability submissions on its platform rose 76% year over year, reaching a record high in March 2026. About 25% of those findings were confirmed to be exploitable, a rate that has remained steady even as overall submissions increased. This means the total number of real vulnerabilities continues to climb. In addition, the share of critical and high-severity vulnerabilities has grown to 32%, compared to a historical baseline of 26 to 28%.
Another concern is the shrinking time between disclosure and exploitation. In some cases, vulnerabilities are being exploited within hours. Meanwhile, remediation efforts are not keeping pace. Although fix times have improved by 19% year over year, the volume of new vulnerabilities has led to record backlogs for many organizations.
“AI is accelerating both the volume and the sophistication of vulnerabilities,” said Nidhi Aggarwal, Chief Product Officer at HackerOne. “AI is increasingly exploiting complex attack paths and multi-step chains, and the time to exploit them is shrinking. h1 Validation helps organizations keep up by combining agentic AI and human expertise to quickly determine what is actually exploitable, deliver clear remediation steps, and reduce the time from find to fix.”
The new h1 Validation offering focuses on prioritization and clarity. It is built to handle large volumes of vulnerability reports while analyzing increasingly complex attack paths. By validating which issues are truly exploitable, it aims to help security and engineering teams focus their efforts on the most urgent risks.
The launch reflects a broader shift in cybersecurity strategy. As AI continues to accelerate vulnerability discovery and expand adversarial capabilities, organizations are being pushed to move beyond discovery alone. Continuous validation and faster remediation are becoming essential to managing risk effectively.
HackerOne positions h1 Validation as a way to close the gap between discovery and remediation by speeding up the cycle from identifying vulnerabilities to confirming their impact and fixing them. The goal is to turn a growing influx of findings into faster, measurable reductions in risk.
As enterprises adapt to this new landscape, tools that can filter signal from noise and keep pace with AI-driven threats are likely to become increasingly important.
Join our LinkedIn group Information Security Community!
