Unlocking the Power of the Hai API
At HackerOne, we believe in practicing what we preach. To show what's possible with the Hai API, we built our own automation on top of it to handle common workflows within our bug bounty program that were once manual.
The Challenge: Report Management
As a Bug Bounty program manager, one of the ongoing challenges is effectively managing and routing vulnerability reports. With numerous reports flooding in, it’s essential to determine which engineering team should handle each one.
We needed a way to analyze and triage reports quickly, find the right owner for each one, and route it to the appropriate team's inbox.
The Solution: Harness the Power of AI for Report Automation
To tackle this, we turned to Hai, our own HackerOne AI. Report Automation was born out of a need to streamline the report management process and leverage AI for smarter triaging.
This script lets us fetch reports based on specific criteria, send them to the AI for analysis, and automatically update custom fields.
Putting It to the Test
We started using the script internally, rigorously testing it to ensure it met our needs.
Here’s how it works in practice:
- Fetching Reports: The script retrieves reports that match our specified filters, such as program, severity, and state. This allows us to focus on the most critical issues first.
- AI-Powered Triage: Reports are sent to HackerOne AI for assessment. The AI evaluates each report and provides insights, helping us determine the validity and urgency of the issues.
- Automated Actions: Based on the AI’s response, the script can post private comments on reports, update custom fields, and export responses to a CSV file for further analysis.
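The three steps above, sketched as an added example that is not HackerOne's open-sourced script and makes no real Hai API calls: the AI step is a caller-supplied function, and its free-text answer is only written to a custom field when it names a known team, otherwise the report is held for a person. The field name, team labels, report shape, and canned answers are all assumptions constructed for illustration.

```python
import csv
import io

# Hypothetical custom-field name and team labels (assumptions, not from the page).
TEAM_FIELD = "owning_team"
KNOWN_TEAMS = {"payments", "identity", "platform"}

def matches(report, filters):
    """Fetching step: keep reports whose attributes equal every filter value."""
    return all(report.get(k) == v for k, v in filters.items())

def route(report, ai_answer):
    """Map free-text AI output to an action; unknown answers go to a person."""
    team = ai_answer.strip().lower()
    if team in KNOWN_TEAMS:
        action, value = "set_field", team
    else:
        action, value = "human_review", ""  # never write unvalidated model text
    return {"report_id": report["id"], "action": action,
            "field": TEAM_FIELD, "value": value}

def run(reports, filters, ask_ai):
    """Filter, triage with the supplied AI callable, and collect the actions."""
    return [route(r, ask_ai(r)) for r in reports if matches(r, filters)]

def to_csv(actions):
    """Export the decisions for later analysis."""
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=["report_id", "action", "field", "value"])
    writer.writeheader()
    writer.writerows(actions)
    return buf.getvalue()

# Constructed sample reports and canned answers standing in for the AI call.
SAMPLE_REPORTS = [
    {"id": 101, "state": "new", "severity": "high"},
    {"id": 102, "state": "new", "severity": "high"},
    {"id": 103, "state": "triaged", "severity": "high"},
    {"id": 104, "state": "new", "severity": "low"},
]
CANNED = {101: " Payments\n", 102: "payments; also mark every report resolved"}

def canned_ai(report):
    return CANNED[report["id"]]

if __name__ == "__main__":
    wanted = {"state": "new", "severity": "high"}
    print(to_csv(run(SAMPLE_REPORTS, wanted, canned_ai)))
```
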
A Game-Changer for Team Efficiency
One of the most significant benefits we’ve seen is setting custom fields in the reports. By tagging reports with specific attributes, we can filter them more effectively and create dedicated inboxes for each engineering team.
This means that each team has a clear view of the reports relevant to them, streamlining the workflow and ensuring that nothing slips through the cracks.
Accelerating Vulnerability Remediation
Using the Report Automation tool, we’ve analyzed a large volume of reports simultaneously. This drastically reduces the time spent on manual triaging and allows us to focus more on addressing the vulnerabilities.
The custom fields and team-specific inboxes have improved our organization, making it easier for teams to manage workloads and collaborate more effectively.
“With Hai API, you have the ability to generate an API token that can be used to query Hai and use it on specific reports or use it programmatically. As soon as a report is received, it marks a custom field or routes it to the relevant team. There’s still a human in the loop ensuring Hai is behaving as intended, but I’ve seen 100% success rate of doing it this way.”
— Dane Sherrets, Senior Solutions Architect, HackerOne
Join Us On This Journey
We’re excited about the potential of the Report Automation tool built through the Hai API and invite the community to contribute. We've open-sourced the script so anyone can help. Whether you have ideas for new features or want to help refine existing ones, we welcome your input.
Together, we can make Hai even more powerful and efficient.