What a way to finish the Elite Eight round! 💪 Each of these amazing teams' incredible work over the last 11 days is something to be extremely proud of. On behalf of the entire HackerOne team and our #AmbassadorWorldCup partners AS Watson Group (Europe) and OKX--- THANK YOU! 🙌 Stay

Results of our jailbreaking challenge: After 5 days, >300,000 messages, and est. 3,700 collective hours our system got broken. In the end 4 users passed all levels, 1 found a universal jailbreak. We’re paying $55k in total to the winners. Thanks to everyone who participated!

“I’ve put a lot of claude into it” > “I’ve put a lot of thought into it”

H1 is adding a package containing a banana, Saratoga water, and a clock with the alarm set to 3:59a to its bug bounty rewards.

.@HackerOne’s Hai can now visualize (complex) proof of concepts and it's magical! Understanding security vulnerabilities can be complicated, especially when reproducing it involves multiple accounts, many steps, or different systems — and this new Hai capability makes it so much

This was a great find and had a super interesting root cause: hackerone.com/reports/3000510

Watching MCP gain momentum reminds me of early API adoption—huge potential but massive risk if you’re not careful. HackerOne bug bounty programs and AI red teaming aren’t nice-to-haves anymore. They bring in external perspectives, which is what you need when your system opens

Yesterday, the Dutch HackerOne Ambassador World Cup team came together again, this time for the AWC finals. Another great day of hacking, teamwork, and good vibes all around. Thanks everyone for joining again! #togetherwehitharder #awcfinals

The @hacker0x01 ambassador World Cup comes to an end. After 1 year, 42 teams, 766 hackers, and 6 rounds (including two in person), we conclude what to me is a passion project I always envisioned and I'm very happy to make a reality. Thanks to everyone who made it possible.

We're launching a new bug bounty initiative to stress-test an updated version of our anti-jailbreaking system before it’s publicly deployed. The program, in partnership with HackerOne, runs through Sunday.

If you’re left-brained, you’ll see a path traversal. If you’re right-brained, you’ll see a SQLi.

If you can’t code, you will never find vulnerabilities. Or to be fair, you’ll never find the ones that matter. You’ll hit a ceiling in vulnerability research. Sure, you can rack up CTF points, follow step-by-step blog posts, land a bug bounty once in a while, or even go viral on

Hey hackers! We're running a beta for Hai for Hackers, our AI security agent. If you're interested, please reply with your HackerOne username (we will probably limit to ~100 hackers for now). After it's been enabled, you can start using it by clicking the Hai button in the top

Great question! Here is HackerOne’s approach in case people are wondering: hackerone.com/blog/secure-ai…. TL;DR: we don’t access reports outside of user-level permissions and we don’t improve GenAI models based on conversations / sensitive data.

I am honored and humbled to have received this lifetime achievement award today from HackerOne . When I began working with the bug bounty team at Salesforce in 2016, I was a total noob. I quickly identified an unknown passion for it, and have never looked back. I continued

Secure AI by Design at HackerOne: hackerone.com/blog/secure-ai…

What is the equivalent of phishing of an AI agents? Lishing? Processes that involve humans can be tested using social engineering attacks, like phishing. Companies will build more AI agents and reduce the Human-in-The-Loop (HiTL). When you automate parts of a process using AI,

I’m doing an experiment: trying to figure out how much energy certain behaviors cost / give in my life. Next up is social media, so I’m going to take a break until 2026. GLHF!