Customer Artificial Intelligence (AI) Terms and Conditions

Effective Date: May 11, 2026

 

HackerOne's Services include the use of AI Technologies and AI Features. These Customer AI Terms and Conditions govern the delivery and use of our AI Features.

 

HackerOne designs and operates the AI Features to support secure and effective security workflows, while preserving Customer Data ownership and control over use of the AI Features. The AI Features are not designed to memorize or intentionally reproduce Customer Confidential Information in outputs provided to other customers.

 

HackerOne will not use Customer Input or AI Output to train or improve any shared or general-purpose artificial intelligence models, including generative or foundation models, without Customer’s explicit consent.

 

Further information regarding HackerOne’s processing of Customer Input and AI Output is set out in the Artificial Intelligence (AI) Governance Framework Policy.

 

 

These Customer AI Terms and Conditions apply to all Order Forms entered into on or after May 11, 2026 and to all production versions of the Services, and any other use of the Platform and/or any HackerOne product or service, by a Customer, unless such use has been superseded by a mutually agreed written instrument between HackerOne and such Customer.

 

By using the Services, Customer agrees to be bound by these Customer AI Terms and Conditions, which form part of the Terms. The Customer Terms and Conditions and the General Terms and Conditions are incorporated herein by reference. If you do not understand any terms in these Customer AI Terms and Conditions, the Customer Terms and Conditions and/or the General Terms and Conditions, please contact us before using the Services.

 

  1. Definitions

 

The following terms have the meanings set out below. Capitalized terms used but not defined in these terms shall have the meanings set out in the Customer Terms and Conditions and/or the General Terms and Conditions. 

 

  • AI Feature(s) means any tool, feature, functionality, or component of the Services that incorporates, uses, depends on, or employs any AI Technology.
  • AI Output means information, data, materials, text, images, code, works, expressions, or other content that is generated or otherwise produced by an AI Feature in response to Customer Input or from the use of an AI Feature by Customer. AI Output includes any modifications to, or derivative works of, such AI Output created by Customer in connection with Customer’s use of the Services or AI Features.
  • API means any application programming interface made available by HackerOne in connection with an AI Feature, or otherwise necessary to use, interact, integrate, or interoperate with an AI Feature.
  • AI Technology means any and all Machine Learning, Generative AI, deep learning, and other artificial intelligence (“AI”) technologies, including, without limitation, those capable of generating content (such as text, images, video, audio, or computer code) based on user-provided inputs, as well as statistical learning algorithms, models (including large language models), neural networks, and other AI tools or methodologies, all software implementations of any of the foregoing, and related hardware or equipment.
  • AI Usage Data means any data, insights, or other information generated or derived from Customer Input and AI Output, in aggregated and de-identified form.
  • Customer Customizations means any and all modifications, enhancements, refinements, adaptations, customizations, configurations, and derivative works of the APIs or AI Features, including, with respect to AI Features, those created through fine-tuning, grounding, or similar methods, in each case created or developed by Customer as permitted under the Terms.
  • Customer Input means information, data, materials, text, prompts, images, code, or other content that is (a) input, entered, posted, uploaded, submitted, transferred, transmitted, or otherwise provided or made available to HackerOne by or on behalf of Customer through Customer or its authorized representative’s use of the Services or an AI Feature, or (b) collected, downloaded, or otherwise received by an AI Feature for or on behalf of Customer, including, in each case, for purposes of fine-tuning, grounding, or otherwise modifying, refining, adapting, or customizing an AI Feature by, for, or on behalf of Customer. Customer Input is Customer Data for purposes of these Customer AI Terms and Conditions.
  • Generative Artificial Intelligence” or Generative AI” means any artificial intelligence system, including large language models, that emulates the structure and characteristics of its training data to generate derived synthetic content (such as text, images, video, and audio). For the avoidance of doubt, Generative AI does not include artificial intelligence systems that are solely designed for non-generative purposes, including applications of Machine Learning used for predictive analytics, classification, regression, clustering, personalization, or anomaly detection.
  • Machine Learning means an application of AI Technology that is characterized by providing systems the ability to automatically learn or identify patterns, so as to create advanced functionalities including, without limitation, predictive analytics, automation, personalization, and anomaly detection. Machine Learning models use supervised and unsupervised learning techniques, including regression, classification, clustering and reinforcement learning. 

 

  1. Access and Use of AI Features

 

Customer’s access to and use of any AI Feature is subject to these Customer AI Terms and Conditions. 

 

  1. AI Governance and Responsible AI

 

  1. HackerOne shall comply with Applicable Law in connection with the design, development, training, use, and provision of the AI Features. 

 

  1. HackerOne, in accordance with Applicable Law, has implemented, maintains and will remain in compliance with policies and procedures for the ethical, trustworthy, and responsible design, development, implementation, deployment, use, and provisioning of AI Technology incorporated into or used in connection with, or in support of the AI Features, including for: (a) transparency, explainability, accountability, safety, security, resiliency, privacy, fairness, mitigation and management of bias, accuracy, validity, reliability, human interpretability, and auditability; and (b) ongoing monitoring, maintenance, and oversight of the AI Features and their performance. 

 

  1. Use of AI Output

 

Customer shall be solely responsible for (a) evaluating (including by human review) AI Output for accuracy, relevancy and completeness, prior to using, distributing, or relying on the AI Output and (b) any decisions, actions, or omissions the Customer takes or declines to take in reliance or based on the AI Output.

 

  1. Generative AI

 

HackerOne will not share Customer Input with any unauthorized third party or use it to train or develop Generative AI without Customer's consent.

 

  1. Additional Use Restrictions

 

  1. In addition to the use restrictions set out in the Terms, Customer shall not and shall not permit any users to: 

 

  1. access or use the AI Features or any AI Output to create, develop, train, or improve any other AI Technology, such as a product or service that competes with HackerOne’s AI Features or Services, except that Customer may create or develop Customer Customizations for its internal business operations in compliance with the Terms; 

 

  1. use the AI Features or any AI Output as the sole basis for making decisions, including decisions with legal, financial, security, or other material impact, without appropriate human review and oversight; 

 

  1. use web scraping, web harvesting, web data extraction or any other method to extract data from the AI Features or any AI Output; or 

 

  1. use the AI Features or AI Output in a manner that Customer knows or should know infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or violates any law.

 

  1. Notwithstanding anything in the Terms to the contrary, unless prohibited by Applicable Law, HackerOne may delete Customer Input at any time if, in HackerOne’s sole opinion, it determines that Customer Input violates these Customer AI Terms and Conditions or that deletion is necessary to comply with Applicable Law.

 

  1. Intellectual Property Rights

 

  1. Ownership and Limited Use of Customer Input.  As between Customer and HackerOne, subject to applicable third-party intellectual property rights contained therein, Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all Customer Input, including all intellectual property rights relating thereto. Customer hereby grants to HackerOne a non-exclusive, royalty-free, transferable, worldwide license to:

 

  1. reproduce, distribute, and otherwise use and display the Customer Input as reasonably necessary to provide the Services to Customer; and

 

  1. use, modify, adapt, analyze, and process Customer Input to develop, adapt, modify, enhance, train or improve the Machine Learning and AI Features (excluding Generative AI), for the purposes of providing the Services, including for purposes of maintenance, quality assurance, and service improvement.

 

  1. Ownership of AI Output and License to HackerOne  

 

  1. As between the parties, and subject to any HackerOne or third-party intellectual property rights therein, Customer shall be the exclusive owner of all right, title, and interest in and to all AI Output.

 

  1. Customer grants to HackerOne a perpetual, irrevocable (subject to HackerOne’s compliance with these Terms), worldwide, non-exclusive, fully paid-up, royalty-free license, with the right to sublicense, assign, and transfer (including by operation of law), to access, use, host, copy, reproduce, modify, adapt, distribute, publicly display, create derivative works from, analyze, and otherwise use the AI Output for HackerOne’s business purposes, including to provide and develop its products and services. Such rights apply in all media and formats, whether now known or later developed, and shall survive any termination or expiration of these Terms for any reason. HackerOne may assign or transfer this license, without Customer’s consent, to any successor entity in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of HackerOne’s assets.

 

  1. HackerOne Property.  HackerOne retains all right, title, and interest in and to the HackerOne Property. To the extent HackerOne Property is incorporated into AI Output, HackerOne grants to Customer a non-exclusive, royalty-free, worldwide license to use such HackerOne Property solely as embedded in the AI Output and as reasonably necessary for Customer’s internal business use of the AI Output.

 

  1. AI Usage Data.  Subject to any applicable intellectual property rights therein, HackerOne shall own all right, title, and interest in and to all AI Usage Data, including any aggregated, anonymized, or de-identified data derived from the use of the Services or AI Features. AI Usage Data will not include Customer Confidential Information and will not be used in a manner that identifies Customer or discloses Customer-specific vulnerabilities or security information.

 

  1. Customer Customizations.  As between the parties, Customer retains all right, title, and interest in and to Customer Customizations, excluding any underlying HackerOne Property. Customer hereby grants HackerOne a perpetual, irrevocable (subject to HackerOne’s compliance with these Terms), worldwide, non-exclusive, fully paid-up and royalty-free license, with the right to sublicense, assign and transfer (including by operation of law), to access, use, host, copy, reproduce, modify, adapt, distribute, publicly display, create derivative works from, analyze, and otherwise use the Customer Customizations for HackerOne’s business purposes, including to provide and develop its products and services.  Such rights apply in all media and formats, whether now known or later developed, and shall survive any termination or expiration of these Terms for any reason. HackerOne may assign or transfer this license, without Customer’s consent, to any successor entity in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of HackerOne’s assets.

 

  1. Security

 

HackerOne shall develop, operate, and maintain AI Features deployed as part of the Services in accordance with recognized industry security standards and practices, including implementing appropriate administrative, technical, and organizational measures to protect the security and integrity of such AI Features and to safeguard against unauthorized access to and use of such AI Features, in each case consistent with Applicable Law.  

 

  1. Warranties

 

  1. Customer Warranty. The Customer represents, warrants, and covenants that it owns or otherwise has and will have all necessary rights, permissions, and consents in and relating to the Customer Input so that, when received by HackerOne in accordance with the Terms, such Customer Input does not and will not infringe, misappropriate, or otherwise violate any intellectual property rights, or any privacy or other rights of any third party or violate any Applicable Law.

 

  1. HackerOne warrants that HackerOne’s AI Features embedded in the Platform, Services or any other AI products or services offered or otherwise made available to Customer by HackerOne shall materially conform with applicable Documentation, subject to all use requirements and service level terms relevant to such tool, service or technology.

 

  1. WARRANTY DISCLAIMER

 

EXCEPT AS SET OUT IN SECTIONS 3.2 AND 9.2, AI FEATURES AND AI OUTPUT ARE PROVIDED "AS IS" AND HACKERONE SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. HACKERONE SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT AS SET FORTH IN SECTION 9.1, HACKERONE MAKES NO WARRANTY OF ANY KIND THAT THE AI FEATURES, OR ANY RESULTS GENERATED FROM THE USE OF THE AI FEATURES, INCLUDING ANY AI OUTPUT, WILL MEET CUSTOMER’S OR ANY OTHER PERSON'S OR ENTITY'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY CUSTOMER OR ANY THIRD PARTY'S SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR-FREE, OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED. NO INFORMATION OR ADVICE, WHETHER ORAL OR WRITTEN, OBTAINED BY OR THROUGH ANY AI FEATURE WILL CREATE ANY REPRESENTATION OR WARRANTY. THE CUSTOMER ACKNOWLEDGES THAT, GIVEN THE NATURE OF THE SERVICES AND AI TECHNOLOGY, AI FEATURES AND AI OUTPUT (A) MAY BE INACCURATE (B) MAY BE THE SAME AS OR SIMILAR TO AI OUTPUT THE SERVICES GENERATE FOR OTHER CUSTOMERS, (C) MAY NOT QUALIFY FOR INTELLECTUAL PROPERTY PROTECTION, (D) MAY BE SUBJECT TO THIRD-PARTY TERMS, INCLUDING, AS APPLICABLE, OPEN SOURCE LICENSES, AND (E) DO NOT NECESSARILY REFLECT, AND MAY BE INCONSISTENT WITH, HACKERONE'S VIEWS.