Webinar

The Long Game: How Spotify Scaled Its Program Over a Decade

August 19, 2026 at 11 am EST

From early growing pains to building a mature, high-volume program

Join Spotify and HackerOne for a candid fireside chat celebrating a decade of partnership and a major milestone—approaching three quarters of a million bounties awarded. In this live session, Spotify’s AppSec Manager, Mikhail, sits down with HackerOne’s Chris to unpack how one of the world’s largest streaming platforms has evolved its vulnerability disclosure and bug bounty program in the past 10 years.

From early growing pains to building a mature, high-volume program, Spotify will share how their approach to security has scaled alongside the business. The conversation will explore how they’ve refined program strategy, adapted to increasing submission volume, and embraced new frontiers like AI red teaming to stay ahead of emerging threats.

Expect an honest look at what worked, what didn’t, and the key decisions that shaped Spotify’s journey—along with practical takeaways for security teams looking to evolve their own programs. The session will close with live audience Q&A.

Whether you’re just getting started or optimizing an established program, this discussion offers a rare, behind-the-scenes perspective from a team that’s been at it for a decade.

Register Now