We’re Running Hai Insight Agent on Our Own Bug Bounty Program – See it in Action

Crystal Hazen
Senior Technical Program Manager
Image: Hai Insight Agent

Before HackerOne ships a new feature, we test it ourselves. Our internal bug bounty program acts as Customer Zero, with real reports, real stakes, and real complexity.

One of the latest tools to undergo that test is Hai Insight Agent, a capability of HackerOne’s AI Security Agent. Security teams face an overwhelming volume of vulnerability reports, each demanding fast, consistent, and informed analysis. The agent was built to manage the analysis at scale by acting as a security analyst, triaging reports the way a seasoned human would, but at the speed and efficiency of AI.

It ensures every report is reviewed thoroughly, consistently, and with full awareness of past context, so teams can act quickly and confidently on what matters most. The tool is evolving fast, and in a recent case, it proved its value.

Less than 90 minutes after a framework upgrade went live, a researcher submitted a critical report exposing sensitive user data through a JSON endpoint. The issue was identified, fixed, and successfully retested in record time. 

To show how Insight Agent works, we’re walking through one of our publicly disclosed vulnerabilities, Report #3000510.

The Report: Cross-Program Linking and Disclosure Risk

The Vulnerability
The vulnerability exposed sensitive user attributes through the JSON endpoint of disclosed reports. When a reporter or team member posted a summary on a report, accessing the .json endpoint of that report could leak private user data, due to a change in JSON serialization behavior introduced by the Rails framework upgrade (from 6.1.7.10 to 7.1.5.1).

Vulnerability Details

  • Type: Information Disclosure (CWE-200)
  • Affected Endpoint: /reports/:id.json
  • Severity: Critical
  • Reward: $25,000
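As an added illustration (constructed for this post, not HackerOne's code and not the actual Rails 7.1 change), a plain-Ruby sketch of the vulnerability class described above: a .json endpoint that passes an associated user model straight through the framework's default serialization, beside an allowlisted serializer, plus the contract check a team would run in CI after a framework upgrade to catch exactly this kind of serialization drift. `Record`, `USER_PUBLIC_FIELDS` and the sample data are assumptions.

```ruby
require "json"

# Constructed stand-in for an ActiveRecord-style model. Its as_json returns
# every attribute, mimicking a framework default that an upgrade can change
# underneath a .json endpoint without any application code changing.
class Record
  attr_reader :attributes
  def initialize(attributes)
    @attributes = attributes
  end

  def as_json
    @attributes.dup
  end
end

# Hypothetical public contract for a user embedded in a disclosed report.
USER_PUBLIC_FIELDS = %w[id username].freeze

# Vulnerable shape: the associated user model is handed to the serializer
# as-is, so whatever the framework default emits ends up in the response.
def render_report_unsafe(report, summary_author)
  JSON.generate({
    "id"      => report.attributes["id"],
    "summary" => { "body" => report.attributes["summary"],
                   "user" => summary_author.as_json }
  })
end

# Hardened shape: an explicit allowlist that does not depend on the
# framework's default serialization at all.
def render_report_safe(report, summary_author)
  JSON.generate({
    "id"      => report.attributes["id"],
    "summary" => { "body" => report.attributes["summary"],
                   "user" => summary_author.attributes.slice(*USER_PUBLIC_FIELDS) }
  })
end

# Contract check for CI: returns the user keys present in the rendered JSON
# that are not part of the public contract (empty when the contract holds).
def leaked_user_fields(json_string)
  user = JSON.parse(json_string).dig("summary", "user") || {}
  user.keys - USER_PUBLIC_FIELDS
end

# Constructed sample data (not real HackerOne records).
SAMPLE_USER   = Record.new("id" => 7, "username" => "researcher",
                           "email" => "r@example.com", "phone" => "+1-555-0100")
SAMPLE_REPORT = Record.new("id" => 42, "summary" => "Summary posted by a reporter")
```

Running `leaked_user_fields` over both renderings returns `["email", "phone"]` for the unsafe shape and `[]` for the allowlisted one, which is the assertion that would have turned red on the upgrade branch.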

Running Hai Insight Agent

We now run Hai Insight Agent on every report submitted to HackerOne’s internal bug bounty program. Here’s what it surfaced for Report #3000510:

Validity Likelihood Assessment
Hai offers a visual indicator that estimates how likely a report is to be valid. It includes supporting and contradicting evidence from the submission, helping reviewers quickly decide where to focus.

Screenshot of Hai Insight Agent Report Assessment

Similar Reports
Hai flags potentially related or duplicate reports across programs. That context shows how widespread an issue might be and avoids wasted time on redundant triage.

Screenshot of Similar Reports in Hai

Attack Path Diagram
Each report includes a visual map of how the vulnerability could be exploited. The diagram acts as a concise, shareable briefing useful for triage, engineering, PR, legal, and executive teams alike. Everyone sees the same picture, with less explanation required.

Screenshot of the Attack Path Diagram

Severity and Bounty Suggestion

For this report, we used the recommended severity and bounty suggestions to guide our response. Hai surfaced comparable past submissions and aligned its recommendations with how we’d handled similar issues before. That context helped us make a quick, consistent decision, avoiding second-guessing, reducing researcher friction, and accelerating resolution across teams.

Severity and Bounty Suggestions from Hai Insight Agent

Rerunnable and Evolving
Insights aren’t static. We can re-run them any time new comments or attachments are added, keeping the summary in sync with the report’s current state. We can also open the report in a chat with Hai to ask follow-up questions, have Hai draft a response to the researcher, or get a bounty suggestion, saving time on each report.

Real Gains

Faster Reviews
With everything packaged up front, reviewers moved more quickly and made decisions with more confidence.

Clearer Prioritization
Flagging related reports and outlining risk paths helped us assign severity and urgency faster.

Less Friction
A clear, shared understanding reduced meetings and rework. Teams aligned faster.

From Report to Resolution in Just Over Two Days

Hai Insight Agent gave our team a head start. We quickly surfaced similar past issues, traced the problem to the recent Rails upgrade, and got a clear view of how the data was being exposed. Concise summaries, comparisons, and visual breakdowns clarified the vulnerability, gave developers the context they needed, and enabled them to act fast. After deploying the fix, we coordinated with the researcher to retest and confirm it, and it was validated within the hour.

Their response said it all:

A thank you message from the bug bounty

From initial report to full resolution, the entire process took just over 56 hours. 

The Road Ahead

Hai Insight Agent is still evolving, and we’re learning with every internal test. We’ll keep improving it based on our firsthand experience. Our Customer Zero approach ensures the tools we build aren’t just clever; they’re practical.

Want to see how it works in your own program? Check out the product documentation.