Today, HackerOne launched the evolution of HackerOne AI, Hai, from a copilot into an agentic AI system, and the general availability of its AI-native code security product, HackerOne Code.
Together, they set a new standard in continuous exposure management by accelerating how enterprises find, prioritize, and remediate vulnerabilities.
“Hai has been central to our vision for AI-powered offensive security, and today marks the next stage in its evolution,” said Nidhi Aggarwal, Chief Product Officer at HackerOne.
Hai is HackerOne’s coordinated team of AI agents that continuously analyze and contextualize findings to help organizations prioritize, validate, and remediate risks faster, guided by insights from over 500,000 validated vulnerabilities. 70% of users cite time savings as the biggest impact, with users saving up to 40+ hours every month, a full work week.
“Hai cut our validation time from 20 minutes to just 5,” said Connor Knabe, Application Security Architect, Veterans United Home Loans. “By replacing manual steps with clear context, we validate faster, clarify impact, and stay aligned.”
Looking forward: Offensive security
To solve the challenge of discovering and eliminating vulnerabilities before applications are deployed, HackerOne Code is now generally available. Built for the AI development era, HackerOne Code is a code security solution that works like a developer and thinks like a security researcher—scaling vulnerability discovery with AI and human oversight.
HackerOne is also previewing the next milestone in its agentic roadmap: Agentic Pentest as a Service (PtaaS). Taking validation a step further, Agentic PtaaS continuously proves exploitability at AI-driven scale while keeping human ingenuity at the core. This breakthrough extends exposure management into adversarial validation, delivering real proof of exploitation so organizations can prioritize and remediate with greater confidence.
Aggarwal continued: “Powered by the insights drawn from over a decade of offensive security expertise, Hai’s new agents and the introduction of Agentic PtaaS extend its capabilities from validation to proof of exploitability, helping organizations continuously reduce exposure and accelerate remediation at scale.
“In the AI era, secure development must be built in, not bolted on. HackerOne Code empowers developers with validated, trusted code fixes directly within their workflows, enabling them to innovate faster without increasing risk.”