HackerOne Blog

The latest from HackerOne

Finding Fast, Fixing Slow: The Rising Exposure Debt

May 6, 2026

Vulnerability submissions are up 76%. Unresolved criticals grew 25x. HackerOne platform data reveals a widening remediation gap that security teams can't afford to ignore.

Read Now

All

CTEM

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Exposure Management

CTEM

Finding Fast, Fixing Slow: The Crisis of Asymmetric Remediation

April 17, 2026

AI vulnerability discovery is accelerating fast, but remediation is not. See why backlogs compound, why validation matters, and what to change now.

Exposure Management

CTEM

The Vulnerability Apocalypse Is a Remediation Crisis

April 15, 2026

Vulnerability discovery is up 76% and backlogs are growing. Here's why CTEM and continuous validation are the only operating models that can keep pace, backed by HackerOne platform data.

Exposure Management

Hai

From Report to Remediation: A Real-World XSS Validation Workflow

April 14, 2026

A real-world XSS workflow shows how continuous security validation helps teams prove exploitability and confirm fixes faster with reusable evidence.

Exposure Management

Response

3 Principles for Modern VDPs: How AWS Keeps Vulnerability Disclosure Working at Massive Scale

April 9, 2026

AWS shows how modern vulnerability disclosure scales: design for scale, optimize time to context, and eliminate vulnerability classes with HackerOne.

Pentest as a Service

Why Real-World Testing Makes Agentic Pentesting Smarter Over Time

April 9, 2026

Agentic pentesting improves fastest in production. See how real-world testing plus validated feedback boosts accuracy, coverage, and reliability over time.

HackerOne News

Responsible AI at HackerOne: 2026 Update

April 9, 2026

A 2026 update on HackerOne’s responsible AI: human oversight for sensitive actions, stateless inference, no-training commitments, and open validation.

Security Research

Evolving with AI: How One Security Researcher Built a Career Around Time

April 7, 2026

Meet Douglas Day and see how bug bounty programs and AI automation helped him build a security research career with more flexibility and freedom.

CTEM

CTEM vs. Vulnerability Management: Scanning Is No Longer Enough

April 6, 2026

Vulnerability management finds weaknesses. CTEM confirms which ones are actually exploitable. Two approaches are compared across cadence, scope, validation, and executive reporting.

Code Security

Security Research

How to Find XSS: Techniques Security Researchers Use in Real Environments

April 1, 2026

Learn how to find XSS vulnerabilities and validate real exploitability using techniques trusted by security teams.