HackerOne Blog

The latest from HackerOne

When Discovery Is Cheap, Validation Is Priceless for Reducing Risk

March 26, 2026

AI is making vulnerability discovery cheap. CTEM only reduces risk when teams validate exploitability, remediate, and retest to prove fixes hold.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Security Research

Evolving with AI: How One Security Researcher Built a Career Around Time

April 7, 2026

Meet Douglas Day and see how bug bounty programs and AI automation helped him build a security research career with more flexibility and freedom.

Code Security

Security Research

How to Find XSS: Techniques Security Researchers Use in Real Environments

April 1, 2026

Learn how to find XSS vulnerabilities and validate real exploitability using techniques trusted by security teams.

Exposure Management

Return on Mitigation

When Discovery Is Cheap, Validation Is Priceless for Reducing Risk

March 26, 2026

AI is making vulnerability discovery cheap. CTEM only reduces risk when teams validate exploitability, remediate, and retest to prove fixes hold.

Public Policy

AI Red Teaming

Europe’s New AI Security Standard: What It Means for Vulnerability Disclosure and AI Red Teaming

March 25, 2026

ETSI EN 304 223 makes Vulnerability Disclosure and AI red teaming baseline expectations. Get practical steps to prepare for EU rollout by late 2026.

Security Research

AI Red Teaming

Advancing AI Red Teaming: Agentic Taxonomies and Governance-Ready Reporting

March 24, 2026

AI Red Teaming now maps validated agentic exploit paths to OWASP, NIST, ISO, and the EU AI Act. Get governance-ready reporting without spreadsheets.

AI Red Teaming

From Guardrails to Proof: Introducing Agentic Prompt Injection Testing

March 18, 2026

Prompt injection is rising fast. Agentic Prompt Injection Testing gives security teams proof of exploitability across real AI systems and workflows.

Exposure Management

Response

EU Cyber Resilience Act: Preparing Your VDP for 2026 Reporting Requirements

March 17, 2026

The EU Cyber Resilience Act introduces mandatory vulnerability and incident reporting starting September 11, 2026. See key dates, reporting timelines, and how a VDP helps teams stay audit-ready.

Crowdsourced Security

Bug Bounty

Introducing the HackerOne Bug Bounty Maturity Framework: A Guide to Operational Excellence

March 16, 2026

The HackerOne Bug Bounty Maturity Framework defines Baseline, Competitive, and Exemplary practices so teams can improve bug bounty operations, reduce friction, and drive stronger risk reduction.

Exposure Management

Crowdsourced Security

Bug Bounty

Hai

Closing the Exposure Gap: What pixiv Learned About Continuous Security Testing

March 10, 2026

pixiv moved beyond periodic assessments to continuous security testing, proving real exploitable risk, reducing noise, and accelerating remediation with high-signal findings.