HackerOne Unveils Agentic AI Platform to Discover and Validate Vulnerabilities Faster
HackerOne has launched a platform that expands the use of artificial intelligence (AI) agents to identify threats and prioritize remediation efforts based on how exploitable a vulnerability actually is and the level of risk it represents.
Company CEO Kara Sprague said the H1 Platform enables independent security researchers who are part of the HackerOne community to use AI agents to continuously discover and validate vulnerabilities and help prioritize remediation efforts at a much higher level of scale.
That capability is especially critical as the volume of zero-day vulnerabilities being discovered and exploited using AI models is increasing exponentially, she added.
The H1 Platform is based on Hai, an orchestration platform that HackerOne previously launched to reduce the overall level of friction security researchers experience when relying on manual processes, said Sprague. Previously, HackerOne made some AI agents available, but the H1 Platform takes continuous threat exposure management (CTEM) to the next logical level by making available a wider range of AI agents that have been trained to automate a range of cybersecurity tasks and workflows, she added.
Once vulnerabilities are discovered and validated, that orchestration engine can then share those findings with application development and IT operations teams via integrations that HackerOne now provides with applications and platforms such as Jira, GitHub, ServiceNow, Azure DevOps and Linear.
In general, the vulnerability discovery capability that frontier AI models now enable will require organizations to revisit their DevSecOps workflows, noted Sprague. Not all vulnerabilities are equally serious, but there is now a much greater need to be able to develop and apply patches much faster, she added.
In some cases, exploits for vulnerabilities are already being made available before a patch has even been created. The only way to stay ahead of the rate at which vulnerabilities are now being discovered and exploited is to rely more on AI agents and researchers to discover more issues sooner, noted Sprague. The challenge is determining how much additional budget to allocate to reduce a massive amount of existing technical debt that frontier AI models are now able to easily uncover, she added.
Typically, that will mean letting AI agents discover issues that tend to be more common, while human researchers focus more of their time and effort on surfacing business logic flaws, novel attack chains, and adversarial techniques for which no training data has thus far been provided, noted Sprague.
Ultimately, cybersecurity teams will need to keep a much more watchful eye on the rate at which remediation backlogs are increasing as more vulnerabilities are discovered, along with their overall mean time to remediation, said Sprague. Right now, remediation backlogs are clearly rising even as DevSecOps teams create and deploy patches faster, added Sprague.
Each cybersecurity team will need to determine to what degree to rely on external cybersecurity researchers to help discover and validate vulnerabilities. The one thing that is certain, however, is that in the absence of any AI capabilities, it is now simply a matter of when, rather than if, those teams will be overwhelmed.


