HackerOne

New Revenue Opportunities Provided by Pentesting and Secure Code Review Expand Total Payouts

SAN FRANCISCO, October 26, 2023 – HackerOne, the leader in human-powered security, today announced its ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform. Thirty hackers have also earned more than one million dollars on the platform, with one hacker surpassing four million dollars in total earnings. According to the newly released 2023 Hacker-Powered Security Report, hackers are finding opportunities to earn more by diversifying their skill sets as emerging technology reshapes the threat landscape. Fifty-five percent of hackers plan for Generative AI (GenAI) to become a top target in the coming years. Crypto and blockchain organizations continue to see strong program engagement — offering the highest average overall rewards for hackers with the year’s top payout of $100,050 in this industry. Customers also expanded how they use hackers outside of traditional bug bounty, as pentesting engagements increased by 54% on the platform in 2023.

The 2023 Hacker-Powered Security Report includes perspectives from the hacker community and insights from the world’s largest database of vulnerabilities and bug bounty customer programs. Data reveals the hacker community’s point of view on generative AI (GenAI), the top vulnerabilities for different types of attack resistance programs, key vulnerability trends across industries, average bounty prices, and the motivations of the hacker community.

Key findings from the report include: 

  • Hackers continue to experiment with GenAI, as 61% of hackers said they will use and develop hacking tools from GenAI to find more vulnerabilities and another 62% of hackers plan to specialize in the OWASP Top 10 for Large Language Models. Hackers also said they plan to use GenAI to write better reports (66%) or code (53%) and reduce language barriers (33%).
  • Hackers reported insufficient in-house talent and expertise as the top challenge for organizations, and hackers are filling this gap: 70% of customers stated hacker efforts have helped them avoid a significant cyber incident.
  • Fifty-seven percent of HackerOne customers believe exploited vulnerabilities are the greatest threat to their organizations, over phishing (22%), insider threats (12%), and nation-state actors (10%). 
  • Customers are getting faster at fixing vulnerabilities, as the average platform-wide remediation time dropped 10 days in 2023. Automotive, media and entertainment, and government verticals saw the biggest decrease in time to remediation with an over 50% improvement.
  • Organizations are reducing costs by embracing human-centered security testing earlier in their software development lifecycles, with customers saving an estimated $18,000 from security experts reviewing their code before release.

"Organizations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers," said Chris Evans, HackerOne CISO and Chief Hacking Officer. "The Hacker-Powered Security Report makes clear that hackers are actively growing their skillsets to meet emerging threats. The versatility of hackers and the impact of the vulnerabilities they surface make them instrumental to how our customers anticipate and address risk."

The annual Hacker-Powered Security Report is based on data from HackerOne’s vulnerability database and gathers views from HackerOne customers and more than 2,000 hackers on the platform. It was compiled between June 2022 and September 2023. For further information, you can download the full report here.

About HackerOne 

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual adversarial testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.