HackerOne Leads AI-driven Innovation With GenAI Copilot and AI Red Teaming
HackerOne Launches GenAI Copilot To Enhance Customer Efficiency and Vulnerability Insights
SAN FRANCISCO, February 27, 2024 - HackerOne, the leader in human-powered security, today announced new AI augmentations that integrate the company’s human intelligence with the transformative power of artificial intelligence. HackerOne has launched the beta version of its GenAI copilot, Hai, that will help customers interpret their vulnerability reports and provide additional insights and advice on remediation. HackerOne has also accelerated its AI red teaming offering with customer and hacker growth in the AI space.
Hai introduces GenAI capabilities into the HackerOne Platform. The copilot can transform natural language into a query, provide additional relevant context on vulnerability reports, and use platform data to provide recommendations. Hai has become an integral part of HackerOne’s triage workflow, helping the industry’s largest in-house analyst team push boundaries and continue to set world-class response times. Hai’s benefits for customers include:
- Synthesizing Complex Vulnerability Data: Whether faced with intricate reports or technical details, Hai provides easily understandable explanations of vulnerabilities, enhancing comprehension and analysis.
- Generating Powerful Nuclei Templates with Ease: Enhance Nuclei scanner consistency by asking Hai to craft customized templates, automating vulnerability detection and preventing regressions.
- Accessing Tailored Remediation Advice: Determine the best approach to fixing a vulnerability by analyzing it with Hai and receiving personalized remediation advice.
- Improving Hacker Communication: Ask Hai to craft elegant and succinct messages to hackers on your behalf, enhancing collaboration.
“Hai has significantly reduced the time my team spends sifting through bug reports or creating responses, allowing us to focus more on resolving and communicating vulnerabilities quickly,” said Alexander Hagenah, Head of Cyber Controls at Six Group.
“Utilizing Hai for translating complex vulnerability findings into remediation advice has been a game changer for us,” said the Vice President of Cybersecurity at a Fortune 500 Real Estate Services and Investment Firm. “It bridges the gap between our technical reports and our internal audience, enhancing the value of our HackerOne program by making actionable insights accessible to everyone.”
Concurrently, HackerOne has expanded its AI Red Teaming offering for customers who are either in the AI space or are deploying GenAI tools in their own products and services. HackerOne’s community of curated hackers who specialize in exploring the possibilities and security issues in GenAI are helping customers develop their tools and features safely and securely by stress-testing their deployments. HackerOne offers both AI safety and AI security red teaming exercises, which can take the form of pentest engagements, security assessments, or bug bounty programs. Since January 2024, over 200 unique hackers have submitted over 1200 safety and security vulnerabilities affecting AI deployments, with over $230,000 paid out in bounties.
“We knew we wanted to do adversarial testing on the product, and a security expert on our team suggested a bug bounty-style program,” said Ilana Arbisser, Technical Lead, AI Safety at Snap Inc. “From there, we devised the idea to use a ‘Capture the Flag’ (CTF) style exercise that would incentivize researchers to look for our specific areas of concern. Capture the Flag exercises are a common cybersecurity exercise, and a CTF was used to test large language models (LLMs) at DEFCON. We hadn’t seen this applied to testing text-to-image models but thought it could be effective.”
“HackerOne’s latest AI innovations are only scratching the surface of what’s possible with this technology,” said Michiel Prins, Co-Founder and Senior Director of Product Development at HackerOne. “But AI solutions and deployments can’t be successful without human input. AI red teaming uses human creativity to strengthen and improve this evolving technology. By combining human ingenuity with the productivity of GenAI, we can help our company and our customers unlock the full potential of AI.”
HackerOne customers can now test drive Hai using the platform by navigating to the beta features page and enabling Hai. Future iterations of Hai will also be made available to hackers. To find out more about AI red teaming, register for the upcoming “Ask Me Anything” (AMA) session with three ethical hackers specializing in AI security and safety.
About HackerOne
HackerOne is the global leader in human-powered security, pinpointing the most critical security flaws across an organization’s attack surface with continual offensive testing to outmatch cybercriminals. HackerOne’s Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, Singapore’s Ministry of Defense, and the U.S. Department of Defense. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.