Agentic pentesting improves fastest in production. See how real-world testing plus validated feedback boosts accuracy, coverage, and reliability over time.

HackerOne News

Responsible AI at HackerOne: 2026 Update

April 9, 2026

A 2026 update on HackerOne’s responsible AI: human oversight for sensitive actions, stateless inference, no-training commitments, and open validation.

Security Research

Evolving with AI: How One Security Researcher Built a Career Around Time

April 7, 2026

Meet Douglas Day and see how bug bounty programs and AI automation helped him build a security research career with more flexibility and freedom.

Code Security

Security Research

How to Find XSS: Techniques Security Researchers Use in Real Environments

April 1, 2026

Learn how to find XSS vulnerabilities and validate real exploitability using techniques trusted by security teams.

Exposure Management

Return on Mitigation

When Discovery Is Cheap, Validation Is Priceless for Reducing Risk

March 26, 2026

AI is making vulnerability discovery cheap. CTEM only reduces risk when teams validate exploitability, remediate, and retest to prove fixes hold.

Public Policy

AI Red Teaming

Europe’s New AI Security Standard: What It Means for Vulnerability Disclosure and AI Red Teaming

March 25, 2026

ETSI EN 304 223 makes Vulnerability Disclosure and AI red teaming baseline expectations. Get practical steps to prepare for EU rollout by late 2026.

Security Research

AI Red Teaming

Advancing AI Red Teaming: Agentic Taxonomies and Governance-Ready Reporting

March 24, 2026

AI Red Teaming now maps validated agentic exploit paths to OWASP, NIST, ISO, and the EU AI Act. Get governance-ready reporting without spreadsheets.

AI Red Teaming

From Guardrails to Proof: Introducing Agentic Prompt Injection Testing

March 18, 2026

Prompt injection is rising fast. Agentic Prompt Injection Testing gives security teams proof of exploitability across real AI systems and workflows.

Exposure Management

Response

EU Cyber Resilience Act: Preparing Your VDP for 2026 Reporting Requirements

March 17, 2026

The EU Cyber Resilience Act introduces mandatory vulnerability and incident reporting starting September 11, 2026. See key dates, reporting timelines, and how a VDP helps teams stay audit-ready.