HackerOne Blog

The latest from HackerOne

Finding Fast, Fixing Slow: The Rising Exposure Debt

May 6, 2026

Vulnerability submissions are up 76%. Unresolved criticals grew 25x. HackerOne platform data reveals a widening remediation gap that security teams can't afford to ignore.

Read Now

All

CTEM

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Public Policy

AI Red Teaming

Europe’s New AI Security Standard: What It Means for Vulnerability Disclosure and AI Red Teaming

March 25, 2026

ETSI EN 304 223 makes Vulnerability Disclosure and AI red teaming baseline expectations. Get practical steps to prepare for EU rollout by late 2026.

Security Research

AI Red Teaming

Advancing AI Red Teaming: Agentic Taxonomies and Governance-Ready Reporting

March 24, 2026

AI Red Teaming now maps validated agentic exploit paths to OWASP, NIST, ISO, and the EU AI Act. Get governance-ready reporting without spreadsheets.

AI Red Teaming

From Guardrails to Proof: Introducing Agentic Prompt Injection Testing

March 18, 2026

Prompt injection is rising fast. Agentic Prompt Injection Testing gives security teams proof of exploitability across real AI systems and workflows.

Exposure Management

Response

EU Cyber Resilience Act: Preparing Your VDP for 2026 Reporting Requirements

March 17, 2026

The EU Cyber Resilience Act introduces mandatory vulnerability and incident reporting starting September 11, 2026. See key dates, reporting timelines, and how a VDP helps teams stay audit-ready.

Crowdsourced Security

Bug Bounty

Introducing the HackerOne Bug Bounty Maturity Framework: A Guide to Operational Excellence

March 16, 2026

The HackerOne Bug Bounty Maturity Framework defines Baseline, Competitive, and Exemplary practices so teams can improve bug bounty operations, reduce friction, and drive stronger risk reduction.

Exposure Management

Crowdsourced Security

CTEM

Bug Bounty

Hai

Closing the Exposure Gap: What pixiv Learned About Continuous Security Testing

March 10, 2026

pixiv moved beyond periodic assessments to continuous security testing, proving real exploitable risk, reducing noise, and accelerating remediation with high-signal findings.

Exposure Management

CTEM

Hai

Best Practices for Getting Ahead of AI Slop with Exposure Management

February 27, 2026

Vulnerability volume is rising fast with AI, and triage is breaking. Exposure management and CTEM keep programs focused on fixable risk and high-signal findings.

HackerOne News

Exposure Management

Introducing the HackerOne Champion Program and Our First Champion of the Quarter

February 19, 2026

Meet HackerOne’s first Champion of the Quarter: Erika Voss. A candid Q&A on customer trust, operational discipline, and proving progress with metrics.

Exposure Management

CTEM

Hai

56% Faster Validation: An Agentic Workflow for Continuous Exposure Reduction

February 18, 2026

Reduce exposure time with agentic validation powered by Hai. Cut triage noise, prove real risk, and accelerate remediation in a continuous CTEM loop.