Customer Story

How Deriv cut Bug Bounty response time from hours to minutes

Security doesn’t keep business hours at Deriv. As vulnerability reports arrive around the clock, a mature bug bounty program brings new challenges - high report volume and triage bottlenecks. When Dave Usher joined Deriv, he focused on one clear priority: improving mean time to response.

Industry: Financial Services
Use Cases: AI
Solutions: Hai, Bug Bounty
Regions: Europe, Middle East

Deriv is a global online trading platform operating 24/7 in a highly regulated financial environment where security shapes customer trust. Since launching its HackerOne bug bounty program in 2015, Deriv has treated every vulnerability report as a potential zero-day. Speed, context, and researcher engagement matter at every stage.

When Dave Usher joined as VP of Security Engineering, the bug bounty program had already reached a high level of maturity. He saw an opportunity to extend its impact by improving how the team consumed, assessed, and acted on reports without changing the core model that made the program successful. The goal was simple: Respond faster, reduce friction, and scale operations without compromising the program’s core strengths.

Challenge

Security Never Sleeps

Deriv has been running an active bug bounty program that delivers high-quality vulnerability reports through HackerOne, complete with reproduction steps, attachments, metadata, and researcher dialogue. With Hai, HackerOne’s AI system, enabled, the team can understand the severity and context of each report.

Internally, Deriv relies on Slack to collaborate across teams as reports come in, which worked well when the report volume was steady. But as the program scaled, particularly during bounty campaigns, several challenges surfaced:

• Increased volume slowed initial assessment and prioritization
• The 24/7 nature of the platform introduced off-hours challenges
• Delayed feedback risked researcher engagement and program reputation
• Analysts spent time parsing low-signal reports instead of focusing on impact

Dave realized his team needed a faster way to understand and act on HackerOne reports, without adding new tools.

“Without a more scalable workflow, backlog and response delays were real risks. Security never sleeps, yet our processes weren’t built for the always-on nature of Deriv’s business. It just wasn’t enough - I wanted to bring our mean time to respond down and make it unambiguous when something demanded immediate action.”

Solution

Why HackerOne

Deriv has partnered with HackerOne since 2015 because of the trusted researcher community and consistent ability to surface impactful vulnerabilities. As Deriv looked to evolve its program, HackerOne offered advantages that aligned with its long-term approach:

• Hai provides vulnerability summaries, explanations, confidence signals, and recommended next steps directly on reports.
• The HackerOne API enables secure access to full report context, including metadata, attachments, and researcher history.
• The platform preserves the human-in-the-loop model while improving speed and consistency.

These capabilities made HackerOne the foundation for extending vulnerability validation into Slack without changing how researchers submit reports or how humans make final decisions.

Compelled to solve the team’s challenges, Dave built Harry, an AI-powered Slack bot that uses Hai and the HackerOne API to deliver bug bounty insights directly to his team's fingertips. The workflow runs as follows:

  1. A report arrives in HackerOne, which triggers a real-time Slack notification.
  2. Harry retrieves full report details through the HackerOne API.
  3. Hai analyzes the report and provides:
    • A concise summary
    • Validity and confidence indicators
    • Attack flow explanations
    • Recommended next steps
  4. Harry enriches the data using compatible third-party tools (Eraser, Mermaid) to generate optional diagrams.
  5. Engineers interact with the report in Slack, so a human remains responsible for every state change.
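To make the shape of that workflow concrete, here is an added Python sketch of the control flow a Harry-style relay needs: parse the report, derive an unambiguous "immediate action" signal, post a Slack message with action buttons, and accept state changes only from a human. This is illustrative code written for this page, not Deriv's Harry (the page points to Dave's Medium article for that). The report payload is a constructed sample whose field layout is an assumption rather than a verified HackerOne API schema, the `analysis` dict stands in for what Hai would return, and Slack is modelled as plain dicts instead of live API calls, so the whole thing runs offline.

```python
"""Added example: a Slack triage relay modelled on the Harry workflow (illustrative only)."""
from dataclasses import dataclass, field

# Report states on the team's side. The bot only ever creates reports in NEW;
# every other transition must be driven by a human pressing a button.
NEW, TRIAGING, NEEDS_INFO, ESCALATED = "new", "triaging", "needs_info", "escalated"

# Allowed human-driven transitions: from_state -> {action_id: to_state}.
TRANSITIONS = {
    NEW: {"start_triage": TRIAGING, "request_info": NEEDS_INFO, "escalate": ESCALATED},
    TRIAGING: {"request_info": NEEDS_INFO, "escalate": ESCALATED},
    NEEDS_INFO: {"start_triage": TRIAGING, "escalate": ESCALATED},
    ESCALATED: {},
}

BOT_USER_ID = "U_HARRY_BOT"  # constructed Slack user id for the bot itself


@dataclass
class Report:
    report_id: str
    title: str
    severity: str  # "critical" | "high" | "medium" | "low" | "none"
    asset: str
    researcher: str
    state: str = NEW
    audit: list = field(default_factory=list)  # (from_state, action, actor) tuples


def parse_report(payload: dict) -> Report:
    """Extract the fields the responders need from a JSON:API-style report payload (assumed layout)."""
    data = payload["data"]
    rels = data.get("relationships", {})

    def rel_attr(name: str, key: str, default: str) -> str:
        return rels.get(name, {}).get("data", {}).get("attributes", {}).get(key, default)

    return Report(
        report_id=data["id"],
        title=data["attributes"]["title"],
        severity=rel_attr("severity", "rating", "none").lower(),
        asset=rel_attr("structured_scope", "asset_identifier", "unknown"),
        researcher=rel_attr("reporter", "username", "unknown"),
    )


def needs_immediate_action(report: Report, critical_assets: set) -> bool:
    """The unambiguous signal: any critical report, or a high-severity report on a critical asset."""
    if report.severity == "critical":
        return True
    return report.severity == "high" and report.asset in critical_assets


def build_slack_message(report: Report, analysis: dict, urgent: bool) -> dict:
    """Compose a Block Kit style message (as a plain dict) with the summary and action buttons."""
    header = ":rotating_light: IMMEDIATE ACTION" if urgent else ":mag: New report"
    context = (f"severity: {report.severity} | asset: {report.asset} | "
               f"researcher: {report.researcher} | confidence: {analysis['confidence']}")
    buttons = [
        {"type": "button", "text": {"type": "plain_text", "text": label},
         "action_id": action, "value": report.report_id}
        for action, label in (("start_triage", "Start triage"),
                              ("request_info", "Request info"), ("escalate", "Escalate"))
    ]
    blocks = [
        {"type": "header", "text": {"type": "plain_text", "text": f"{header} #{report.report_id}"}},
        {"type": "section", "text": {"type": "mrkdwn", "text": f"*{report.title}*\n{analysis['summary']}"}},
        {"type": "context", "elements": [{"type": "mrkdwn", "text": context}]},
        {"type": "actions", "elements": buttons},
    ]
    return {"channel": "#bug-bounty-urgent" if urgent else "#bug-bounty", "blocks": blocks}


def handle_action(report: Report, action: str, actor_user_id: str) -> Report:
    """Apply a button press. The bot is never a valid actor, and only listed transitions are allowed."""
    if actor_user_id == BOT_USER_ID:
        raise PermissionError("state changes must come from a human, not the bot")
    allowed = TRANSITIONS[report.state]
    if action not in allowed:
        raise ValueError(f"action {action!r} not allowed from state {report.state!r}")
    report.audit.append((report.state, action, actor_user_id))
    report.state = allowed[action]
    return report


# CONSTRUCTED sample inputs; the payload layout is an assumption, not a verified schema.
SAMPLE_PAYLOAD = {
    "data": {
        "id": "1234567",
        "type": "report",
        "attributes": {"title": "Missing authorization check on account export endpoint"},
        "relationships": {
            "severity": {"data": {"attributes": {"rating": "High"}}},
            "structured_scope": {"data": {"attributes": {"asset_identifier": "api.example-trading.test"}}},
            "reporter": {"data": {"attributes": {"username": "researcher_example"}}},
        },
    }
}
SAMPLE_ANALYSIS = {  # stand-in for Hai's output
    "summary": "An authenticated user can export another account's data by changing an id parameter.",
    "confidence": "high",
}
CRITICAL_ASSETS = {"api.example-trading.test"}


def run_pipeline(payload: dict = SAMPLE_PAYLOAD, analysis: dict = SAMPLE_ANALYSIS):
    """Steps 1-4 of the workflow: parse, classify urgency, and build the Slack post."""
    report = parse_report(payload)
    urgent = needs_immediate_action(report, CRITICAL_ASSETS)
    return report, build_slack_message(report, analysis, urgent)


if __name__ == "__main__":
    rpt, msg = run_pipeline()
    print(msg["channel"], msg["blocks"][0]["text"]["text"])
    handle_action(rpt, "start_triage", "U_HUMAN_1")  # step 5: a human drives the state change
    print(rpt.state, rpt.audit)
```

The two properties worth carrying into a real deployment are in `handle_action`: the transition table is closed (anything not listed is rejected) and the bot's own identity is refused as an actor, so the audit trail can only ever show humans moving a report between states, which is the human-in-the-loop guarantee the page describes.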

Dave designed the solution so that everything stays where the team already works: in Slack. When the intel from HackerOne arrives, his team remains accountable for the decision-making.

Impact

Hours to Minutes

Since launching Harry, Dave’s team has dramatically improved bug bounty responsiveness with a near-100% improvement in mean time to first response, ensuring no vulnerabilities are left exposed.

Faster researcher feedback

Acknowledgement and contextual responses shifted from hours or days to near-instant, sustaining strong researcher engagement.

Stronger team enablement

More team members confidently handle first response without relying on a small group of experts.

Scalable validation without added headcount

The team absorbs volume spikes while reducing cognitive load through summaries, translations, and visual context.

Modernizing Security

Today, Deriv moves from intake to action in minutes. The company continues to rely on bug bounty as the foundation of its security strategy while using Hai and Harry to strengthen speed, consistency, and collaboration. The result is a resilient program that protects customer trust and scales the business without compromising human judgment. If you're a security leader interested in replicating Dave's success, check out his Medium article for the source code.