Press Release

H1 Platform Delivers Continuous Threat Exposure Management at AI Scale with Validated Exploitability

The H1 Platform delivers agentic AI across the full security lifecycle, paired with the world's largest community of security researchers, to close the discovery-remediation gap that defines security in the AI era.

SAN FRANCISCO, June 2, 2026 – HackerOne, a global leader in Continuous Threat Exposure Management (CTEM), today announced the H1 Platform, an agentic AI platform designed to help enterprises eliminate exploitable risk with continuous discovery, validation, prioritization, and remediation at AI scale.

The launch comes as the discovery-remediation gap becomes the defining security problem of the AI era. AI is now writing meaningful portions of enterprise code. Recent surveys indicate 73% of engineering teams now use AI coding tools daily, and AI-powered security tools are surfacing vulnerabilities faster than security teams can validate and remediate them. H1 Platform data shows vulnerability submissions up 92% year over year, with critical and high-severity findings climbing while remediation throughput lags by a wide margin. 

The H1 Platform addresses this challenge by applying agentic AI capabilities throughout the CTEM lifecycle to validate and remediate exploitable vulnerabilities. Powered by Hai, HackerOne’s agentic AI orchestrator, the platform correlates exploitability signals, remediation intelligence, and observed attack trends to help organizations prioritize high-impact risk. 

“In a world reshaped by frontier AI models, security can’t afford to be static, theoretical, or siloed. It must be continuous, validated, and tied to business impact,” said Nidhi Aggarwal, Chief Product Officer at HackerOne. “As exploit windows shrink and vulnerability volume accelerates, organizations need security systems that can continuously discover and validate what matters, prioritize action, and operationalize remediation at AI scale to continuously reduce cyber risk.”

"The AI era demands a new kind of security platform: agentic, continuous, and operating at the speed of the threat. The H1 Platform closes the discovery-remediation gap that defines this moment, built on the only foundation that could make it work: the simultaneous trust of the Fortune 500 and the world's largest community of security researchers, sustained over more than a decade,” said Kara Sprague, HackerOne’s Chief Executive Officer. “As enterprises move from securing code to securing AI itself, the researcher community's role on this platform will only deepen."

Central to the H1 Platform is the global community of security researchers, who bring adversarial depth that no automated system replicates. Where Hai delivers speed and scale, the global community pushes beyond what any model can reach, surfacing business logic flaws, novel attack chains, and adversarial techniques no training set contains. The result is evidence-based exploitability confirmation, not theoretical risk scores. As enterprises move from securing code to securing AI itself, the researcher community's contribution to the platform will continue to expand beyond finding individual vulnerabilities to shaping the intelligence that protects enterprises at AI scale.

How the H1 Platform Delivers Continuous Threat Exposure Management

With agentic capabilities built into the H1 Platform, it unifies discovery, validation, prioritization, and remediation into a single operational system for continuous exposure management. Key platform capabilities include:

  • Continuous agentic testing across the attack surface, with exploitability validation informed by program history and attack-path analysis
  • Agentic prioritization that ranks vulnerabilities based on exploitability and business impact
  • Integrated remediation workflows across Jira, GitHub, ServiceNow, Azure DevOps, Linear, and dozens of other enterprise integrations
  • Agentic exploitation workflows that generate validated, evidence-backed findings routed directly to developers for immediate remediation
  • Board and CISO-level executive analytics, including Return on Mitigation (RoM) metrics, designed to help organizations quantify exposure reduction, prioritize remediation investments, and concretely measure security outcomes

Measured Outcomes

The H1 Platform supports 1,300 organizations worldwide, including 20% of the Fortune 500 and leading AI innovators, helping security teams continuously validate and remediate exploitable risk at scale. Across its customer base, HackerOne has helped organizations mitigate more than $32 billion in exposure risk and reduce mean time to remediate (MTTR) by approximately 80%.

"We went from a set-and-forget security program to one that actually keeps pace with how fast threats move,” said Scott Brown, Security Lead, KOHO Financial. “Reducing median triage time by roughly 80% has changed everything. Our team focuses on what's confirmed and exploitable, and vulnerabilities get addressed before they become real risk."

The H1 Platform is available today at hackerone.com/platform.

About HackerOne: 
HackerOne is a global leader in Continuous Threat Exposure Management (CTEM) and the only solution provider that pairs the simultaneous trust of the Fortune 500 and the world's largest community of security researchers to secure the AI-native enterprise. The H1 Platform unites agentic AI solutions with security researchers ingenuity to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner’s Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing. 

Media Contact: 
press@hackerone.com 

Frequently Asked Questions (FAQ):

What does the H1 Platform do?
The H1 Platform applies agentic AI capabilities throughout the Continuous Threat Exposure Management (CTEM) lifecycle. It helps enterprises eliminate exploitable risk with continuous validation, and empowers them to prioritize and remediate exploitable vulnerabilities across code, cloud, applications, and AI systems.

Who is the H1 Platform for?
The H1 Platform helps enterprises reduce cyber exposure by applying agentic AI across the CTEM lifecycle, from discovery and exploitability validation to prioritization, remediation, and executive reporting.

What problem does the H1 Platform solve?
The H1 Platform helps close the discovery-remediation gap: the widening gap between how quickly vulnerabilities are found and how quickly organizations can validate, prioritize, and fix them.

Why does this matter now?
Companies are shipping code faster than ever, attack surfaces are expanding, and bad actors are moving quickly to take advantage. Security teams face alert fatigue, while business leaders face increased scrutiny and regulatory pressure. The H1 Platform is built for this moment, closing the gap between vulnerability discovery and remediation, and giving executives a clear view of progress and business outcomes.

How is this different from traditional vulnerability management or exposure management tools?
The H1 Platform is built for the realities of security in the AI era. As enterprises face a surge in vulnerabilities and growing pressure to remediate faster, the H1 Platform uniquely combines agentic AI with the world’s largest, global community of security researchers. That human expertise brings adversarial depth no automated system can replicate, while the platform gives teams the operational structure to act at speed and scale.

HackerOne is trusted by 20% of the Fortune 500 and leading AI innovators, and has already helped organizations mitigate more than $32 billion in exposure risk and reduce mean time to remediate by approximately 80%.

How does this help CISOs?
The H1 Platform not only empowers security teams with deep visibility and advanced agentic capabilities to reduce the mean time to remediate vulnerabilities, but it also surfaces CISO-level insights. CISOs can gain critical Return on Mitigation (RoM) metrics at a glance, helping them quantify exposure reduction, prioritize remediation investments, and concretely measure and report on security outcomes.

How does this help boards understand cyber risk?
Boards understand that cyber risk is business risk, not just a technical issue. The H1 Platform elevates critical board-level metrics, showing them which cyber risks could materially affect the business, whether the company is reducing those risks fast enough, and what decisions or investments are needed to improve resilience.

What business outcomes can customers expect?
The H1 Platform is designed to deliver faster remediation, better prioritization, reduced exposure, clearer executive reporting, and improved security ROI.

HackerOne has already helped customers mitigate more than $32 billion in exposure risk and reduce mean time to remediate by approximately 80%.

Who is using the H1 Platform?
More than 1,300 organizations worldwide rely on the H1 Platform, including 20% of the Fortune 500 and leading AI innovators.