HackerOne - Experts & Thought Leaders

Latest HackerOne news & announcements

HackerOne's Hai debuts on AWS Marketplace for AI security

HackerOne, a pioneering provider of offensive security solutions, announces the availability of its security agent Hai in the new AI Agents and Tools category of AWS Marketplace. Customers can now use AWS Marketplace to easily discover, buy, and deploy AI agent solutions, including HackerOne’s AI security agent Hai, using their AWS accounts, accelerating AI agent and agentic workflow development.

Resolution across SDLC

Hai helps security teams reduce validation time by up to 75%, improve consistency in severity scoring, and streamline communication between security, engineering, and development teams. This results in faster, more aligned vulnerability resolution across the software development lifecycle (SDLC).

Access to agentic AI solutions

"By offering Hai in AWS Marketplace, we're providing customers with a streamlined path to discover and adopt our security agent, enabling faster, more efficient access to agentic AI solutions," said Nidhi Aggarwal, Chief Product Officer at HackerOne. "Our customers in a broad range of industries are already using these capabilities to accelerate remediation, improve decision-making, and strengthen their overall security posture."

Intelligent report analysis

Hai delivers essential capabilities including intelligent report analysis, program-wide trend detection, and integrated workflow automation. These features enable customers to make smarter decisions, act faster, and strengthen their security posture while cutting coordination time with security and development teams by 20–30%. By surfacing relevant insights, such as report summaries, similar past submissions, and suggested severity, Hai reduces back-and-forth and accelerates action.

Availability of AI Agents and Tools

With the availability of AI Agents and Tools in AWS Marketplace, customers can significantly accelerate their procurement process to drive AI innovation, reducing the time needed for vendor evaluations and complex negotiations.

HackerOne's strict security and access controls

With centralised purchasing using AWS accounts, customers maintain visibility and control over licensing, payments, and access through AWS. Available as a native capability within the HackerOne Platform, Hai uses pre-trained large language models through AWS Bedrock while operating within HackerOne's strict security and access controls. This enables customers to access AI-driven insights securely without compromising their data, systems, or privacy.

HackerOne appoints Nidhi Aggarwal as chief product officer

HackerOne, a pioneer in offensive security solutions, announced the appointment of Nidhi Aggarwal as Chief Product Officer (CPO) and member of the executive leadership team. Aggarwal will lead the execution of HackerOne's platform vision and product strategy, unifying the company’s product portfolio around a more integrated, AI-powered experience that seamlessly scales human security expertise through AI agents to not just find but remediate vulnerabilities.

HackerOne’s product evolution

Aggarwal’s appointment comes at a pivotal moment in HackerOne’s product evolution. Over the past few months, the company released several significant innovations, including new features with Hai, HackerOne’s AI security agent first introduced in February 2024. These new capabilities — Hai Program Insights, Benchmarks, Recommendations, and Findings — help customers prioritize and act on vulnerabilities more effectively.

HackerOne's new Hai Play

HackerOne also introduced a new Hai Play, which automatically calculates Return on Mitigation (RoM) based on an organisation’s unique vulnerability data and context. Additionally, HackerOne is expanding its platform ecosystem by adding integrations with ServiceNow, Secure Code Warrior, and GitLab, as well as enterprise-grade functionality through automations.

Prior roles of Aggarwal

A seasoned technology entrepreneur and product pioneer, Aggarwal brings over 15 years of experience driving growth and innovation at companies ranging from early-stage startups to global enterprises. She co-founded Qwiklabs, a cloud configuration platform acquired by Google, and held executive leadership positions at Tamr, an AI + human-in-the-loop master data management platform where she led product and marketing.

She also previously worked at Wellington, Hewlett-Packard Labs, VMware, and McKinsey & Company. She holds a Ph.D. in Computer Science and serves on the Board of Visitors for the Computer Science department at the University of Wisconsin-Madison, which honored her with an Early Career Achievement Award.

HackerOne’s leadership in the AI era

“Nidhi’s appointment will accelerate HackerOne’s leadership in the AI era,” said Kara Sprague, CEO of HackerOne. “She brings the strategic clarity and operational depth to drive execution of our AI-centric platform vision, deliver more customer value, and ensure that innovation remains at the heart of everything we do.”

HackerOne's next-generation platform

“HackerOne has a unique opportunity to redefine security in the AI era,” said Aggarwal. “By combining human expertise with the power of AI, we're uniquely positioned to deliver high-quality security findings with unprecedented scale and speed.”

“Our AI-powered platform accelerates vulnerability discovery, triage, and response while equipping both security researchers and customers with intelligent tools and real-time insights. I'm excited to join this exceptional team to build a next-generation platform that enables security and development teams to find and fix vulnerabilities before adversaries can exploit them.”

HackerOne's guide redefines cybersecurity ROI metrics

HackerOne, a pioneer in finding and fixing critical vulnerabilities and AI safety issues, published When ROI Falls Short: A Guide to Measuring Security Investments with Return on Mitigation, a report that revealed security pioneers’ negative perceptions surrounding ROI for the measurement of cybersecurity value. The whitepaper also introduced Return on Mitigation (RoM) — a new metric that helps security pioneers quantify the financial value of protecting their businesses from cyberattacks.

Cybersecurity budgets

As the average cost of a data breach grows to nearly $5 million in the US, challenges in quantifying return on investment (ROI) for cybersecurity products have led to decreased cybersecurity budgets. ROI remains the gold standard for justifying cybersecurity spending and measuring investment efficacy, yet most security pioneers say applying it to cybersecurity presents challenges.

Hardest part of ROI

“The hardest part of ROI in security is quantifying it,” said one VP of Security at a Fortune 500 Manufacturing Company. “It's challenging to measure the cost of a vulnerability or compare solutions, especially when considering factors like reputational damage, downtime, and revenue impact.”

HackerOne’s report

In HackerOne’s report, 550 security pioneers—including CIOs, CISOs, and security directors—revealed:

- ROI overlooks incident response and long-term stability, which over three-quarters of security pioneers (77%) prioritise in evaluating their cybersecurity approach.
- Sixty-nine percent of security pioneers also believe ROI overemphasises direct costs and fails to account for indirect costs like incident response and training.
- More than half of pioneers stated that ROI fails to consider enough factors contributing to cybersecurity value, including cost savings from avoided breaches and non-financial benefits like protected brand reputation and customer trust.

Value of security investments

“When it comes to breaches, we all intuitively know that an ounce of prevention is worth a pound of cure,” said Alex Rice, co-founder and chief technology officer at HackerOne. “But without the right metrics, it’s hard to advocate for the value of security investments. Return on Mitigation reframes proactive and preventive work as a value driver.”

Impact of cybersecurity initiatives

RoM is a metric that security pioneers can use to gain a more holistic view of the financial impact of cybersecurity initiatives and communicate how cybersecurity efforts align with an organisation’s financial goals to executives and board members. RoM’s formula quantifies the financial impact of proactive cybersecurity investments by measuring avoided financial losses from a breach — costs prevented by mitigated risks like regulatory fines, legal costs, reputational damage, and business disruptions.

Security investments

“Return on Mitigation’s (RoM) data-driven approach allows us to demonstrate the real impact of proactive mitigation to the board, ensuring our security investments not only protect the bottom line but also strengthen customer trust,” said Rossini Moraes, Information Security Manager at Inter&Co.

“RoM allows me to justify a $300,000 investment against a potential $5 million critical breach,” said a Head of Cybersecurity at an enterprise financial infrastructure provider. “(With this metric), I can show how mitigating vulnerabilities through continuous, offensive security testing can prevent costly breaches and justify the spend.”

HackerOne customers can experiment with RoM with the platform’s AI copilot, Hai.
