Stronger Together: Embracing AI as a Force Multiplier
Since early-stage hackbots first appeared on HackerOne, their capabilities have grown at an exponential pace that’s been impossible to ignore. For some, this surge has fueled anxieties around job security, fairness, and the future role of human researchers. For others, it has proven to be a powerful force multiplier, amplifying efficiency, accelerating discovery, and opening new possibilities for collaboration.
Like most major technological shifts, AI has been divisive. Some sound alarms, warning that the technology will make human-in-the-loop security obsolete. Others approach it with optimism, pointing to its limitations and the essential roles that humans provide to make AI useful.
Regardless of your stance, one objective truth remains: Artificial General Intelligence (AGI) is still a theoretical concept. For now, humans are not the proverbial milkmen in the face of refrigeration. Instead of getting lost in arguments that only time will resolve, security researchers should seize the opportunity to experiment with AI and advance the shared goal of a safer, stronger web.
The most meaningful progress happens when humans harness the power of AI to enhance their own capabilities. AI brings speed and scale, while humans bring creativity, judgment, and context.
This partnership is already visible across the security workflow, from discovery and testing to research assistance, report writing, and triage.
Supercharged Hacking
AI is becoming a security researcher’s always-on sidekick, handling tasks like reconnaissance, code reviews, vulnerability analysis and social engineering prep. By taking over repetitive work, it frees researchers to focus on creativity, strategy and uncovering deeper vulnerabilities.
These systems act like context-aware consultants at your side, answering questions, generating payloads, filtering traffic and drafting scripts on demand. AI augments security researcher effort by taking on the grunt work, freeing researchers to focus on high-value tasks that demand human ingenuity.
AI handles the patterns and humans deliver the breakthroughs. Together, security researchers are stronger with AI.
Unlocking Higher Impact
Combining human intuition with AI is helping researchers elevate the impact of their vulnerability findings. For example, in a video on his YouTube channel, Ben Sadeghipour was reviewing a GitHub repository when he discovered an API endpoint that exposed private user data. By manually testing a few variations of the username in the URL path, he noticed a pattern: usernames were built from the first initial, last name, and sometimes an integer in case of duplicates.
This human observation became the key that unlocked the next step. To scale his testing, Sadeghipour used AI to generate a Python script that produced a wordlist of likely usernames based on common Hispanic surnames. Running the script quickly uncovered multiple valid accounts, turning what was initially dismissed by triage into a confirmed, higher-severity IDOR vulnerability.
The example highlights the balance of strengths. Human pattern recognition revealed the underlying flaw, and AI amplified the effort by automating what may have been tedious trial and error.
Together, they transformed a borderline finding into a validated vulnerability with real security impact.
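From the defending side, the same username pattern leaves a recognizable trace in access logs. The sketch below is an added example, not code from the video or from HackerOne; the `/api/users/<username>` path, the log layout and the threshold are assumptions, and the log lines are constructed. It flags clients that walk many distinct usernames and lists which accounts were actually returned, which is what an incident responder needs for scoping.

```python
import re
from collections import defaultdict

# Hypothetical endpoint shape and log layout: the page does not name the real path.
LINE = re.compile(r'^(\S+) "GET /api/users/([A-Za-z0-9._-]+) HTTP/[\d.]+" (\d{3})$')

# Constructed access-log lines for illustration (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.20 "GET /api/users/asmith HTTP/1.1" 200
203.0.113.7 "GET /api/users/jgarcia HTTP/1.1" 200
203.0.113.7 "GET /api/users/jgarcia1 HTTP/1.1" 200
203.0.113.7 "GET /api/users/jgarcia2 HTTP/1.1" 404
203.0.113.7 "GET /api/users/mlopez HTTP/1.1" 404
203.0.113.7 "GET /api/users/mmartinez HTTP/1.1" 200
203.0.113.7 "GET /api/users/rrodriguez HTTP/1.1" 404
198.51.100.20 "GET /api/users/asmith HTTP/1.1" 200
"""

def find_enumeration(log_text, min_distinct=5):
    """Return {client_ip: report} for clients that requested many distinct usernames."""
    seen = defaultdict(dict)  # ip -> {username: last status seen}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ip, user, status = m.groups()
            seen[ip][user.lower()] = int(status)
    flagged = {}
    for ip, users in seen.items():
        if len(users) < min_distinct:
            continue  # ordinary clients touch only a handful of profiles
        # Group numbered variants (jgarcia, jgarcia1, ...) under one base name.
        bases = defaultdict(set)
        for user in users:
            bases[re.sub(r"\d+$", "", user)].add(user)
        flagged[ip] = {
            "distinct_usernames": len(users),
            "exposed_accounts": sorted(u for u, s in users.items() if s == 200),
            "suffix_sweeps": sorted(b for b, v in bases.items() if len(v) > 1),
        }
    return flagged

if __name__ == "__main__":
    for ip, report in find_enumeration(SAMPLE_LOG).items():
        print(ip, report)
```

Detection only limits the damage; the underlying fix for an IDOR is an object-level authorization check on the endpoint so that a guessed username returns nothing the caller is not entitled to see.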
Prioritized Reconnaissance Targets
Reconnaissance tools are nothing new, but AI is taking them to the next level by working alongside researchers to cut through the noise. AI can help here in several ways:
- Detecting older, likely vulnerable web pages using image recognition
- Pulling key details (emails, tech stack info, credentials) from public content
- Mapping and clustering related domains and subdomains to quickly spot high-value assets
- Fingerprinting technologies and versions to flag outdated or unpatched systems
- Prioritizing targets by cross-referencing assets with known vulnerabilities and exploit trends
By handling manual reconnaissance tasks, AI is giving researchers back valuable time to focus on deeper investigation and creative attack paths.
Intelligent Fuzzing
Rather than manually guessing extensions or bombarding websites with random payloads, AI can generate targeted fuzzing suggestions based on patterns it detects. Researchers can then steer these suggestions toward the most promising areas, focusing their efforts where vulnerabilities are most likely to surface. The result is smarter, more efficient fuzzing with far less wasted effort.
Lightening the Load for Security Teams
Faster Vulnerability Detection & Remediation
Historically, writing detection logic has been a slow, manual task, often creating delays between when a vulnerability is disclosed and when it can be reliably detected. AI is beginning to close these gaps by automating the repetitive work that slows security professionals down.
Importantly, this highlights how AI accelerates the work while human expertise ensures trust and precision.
Security engineering teams have come a long way from manually written vulnerability detection logic. Most teams are now dealing with a new problem: an overwhelming number of detections. AI has been helping teams solve this issue by providing smarter prioritization, taking into account attack pathways and controls to deliver more realistic severity scores tailored to unique environments.
Smarter Triage and Remediation
Hai is HackerOne’s agentic AI system purpose-built for offensive security workflows. It understands vulnerability data, remediation best practices, and the nuances of business impact. It works alongside analysts, combining machine speed with human judgment to accelerate validation, streamline remediation, and reduce noise.
One of its core agents, Insight Agent, helps security teams move from raw reports to actionable insights. It reviews community-submitted reports for credibility and relevance, compares them to similar findings, and structures them into clear priorities. To accelerate response, it can validate whether assets are in scope, align findings with CWE identifiers, and recommend severity and bounty amounts. From there, it provides remediation steps, drafts acknowledgment messages, and even generates reproducible Nuclei templates.
Early adopters have already seen the benefits. During an election security challenge, for example, Hai helped translate reports in multiple languages so findings could be processed consistently and quickly. Customers describe it as a “force multiplier” that ensures valid, high-quality vulnerabilities are recognized and addressed faster. Customers report reducing the time spent validating vulnerabilities by 75%.
As triage becomes more complex in the age of AI-driven attacks, Hai demonstrates how humans and AI can collaborate effectively: AI accelerates verification and structuring, while human experts bring the creativity, intuition, and final judgment that no model can replicate.
Elevating Security Through AI and Human Collaboration
AI has already disrupted the security industry, reshaping how vulnerabilities are found, reported, and remediated. Yet the real story is not about replacement but collaboration. AI delivers speed and scale, while humans bring the diversity, creativity, and ingenuity to apply these tools in meaningful ways.
As we’ve seen across discovery, reconnaissance, fuzzing, documentation, and triage, the partnership between humans and AI is already transforming workflows. The researchers who embrace this balance are not only working faster, they are uncovering deeper vulnerabilities and pushing the industry forward.
The future of security is not humans or AI, but humans with AI. Those who embrace this balance will uncover deeper vulnerabilities and push the security industry forward.