Hackbots are here, now what? 🤖 AI-driven tools are changing how vulnerabilities are discovered, making security testing faster and more scalable. But automation alone isn’t the answer. As highlighted in HackerOne latest article, our CTO, André (André Baptista), emphasizes that the

The power of collaboration and community. 24 hours and thousands of adversarial prompts later & no universal jailbreak uncovered yet.

HackerOne is excited to partner this week with Anthropic on a brand new bug bounty challenge, leveraging the creativity of researchers to measure the resilience of the new Constitutional Classifiers system. Up to $30K in rewards for qualifying jailbreaks!

still can't believe .zip domains exist

Results of our jailbreaking challenge: After 5 days, >300,000 messages, and est. 3,700 collective hours our system got broken. In the end 4 users passed all levels, 1 found a universal jailbreak. We’re paying $55k in total to the winners. Thanks to everyone who participated!

First came pre-training scaling; then came inference-time scaling. Now comes judge-time scaling. Despite progress in AI through scaled inference-time compute, AI remains unreliable in open-ended, non-verifiable domains. The key limitation is not generation—it is evaluation.

$70K for an IDOR? Yep, it's possible! Snap is running a lucrative campaign in their public bug bounty program honing in on IDOR vulnerabilities. A crit can net you $70K! hackerone.com/snapchat?type=…

.@HackerOne’s Hai can now visualize (complex) proof of concepts and it's magical! Understanding security vulnerabilities can be complicated, especially when reproducing it involves multiple accounts, many steps, or different systems — and this new Hai capability makes it so much

I am curious how much MW OpenAI has burned on Studio Ghibli

.Caido and HackerOne are collaborating on a plugin that streamlines the H1 submission process. We’re envisioning a plugin that gives a simple UI to combine evidence that serves as the foundation of a report and removes most of the writing burden. Link in the comments.

We're launching a new bug bounty initiative to stress-test an updated version of our anti-jailbreaking system before it’s publicly deployed. The program, in partnership with HackerOne, runs through Sunday.