HackerOne

What should companies change in their find to fix cycle first? Luke puts this question to the Jorge Monteiro, co-founder of Ethiack in HackerOne’s “Exposed” video series. - Validation? - Prioritization? - Engineering handoff - Fix verification? The old model has collapsed: discovery and exploitation now happen on the same day. The buffer is gone. So it’s all about validation; most teams overinvest on detection and starve on validation. Watch the full episode on YouTube. 🎬 https://bit.ly/4eJLcTe

Last week, HackerOne CEO Kara Sprague and I had the opportunity to meet with the Office of the National Cyber Director, The White House and the Office of Management and Budget Federal CISO to discuss what the government can and should do to strengthen U.S. cybersecurity in the #Mythos age of AI. The conversations covered a lot of ground - AI-enabled vulnerability discovery, the role of industry in supporting federal cyber defense, and how to build frameworks that promote security without stifling innovation. HackerOne has been making these arguments for years ▪️voluntary, collaborative frameworks between government and industry work ▪️scaling vulnerability disclosure and remediation requires the right mix of resources, incentives, and accountability - including requiring vulnerability disclosure policies for federal contractors ▪️the private sector has to be a genuine partner in defending critical infrastructure, not an afterthought These aren't new positions for us. But it's more important than ever to get the policy right and we appreciate the Administration’s willingness to engage directly with industry as part of that effort. #Cybersecurity #AI #AIPolicy #CyberPolicy #HackerOne #MythosMoment

What is AI particularly good at in the research process? André Baptista, co-founder at Ethiack shares his take in HackerOne’s “Exposed” video series. “I use it to find bypasses for things I wasn’t able to find myself or to go deep into libraries. You need to guide it to be an autonomous agent looking for specific components within your target.”

Last week, HackerOne CEO Kara Sprague and I had the opportunity to meet with the Office of the National Cyber Director, The White House and the Office of Management and Budget Federal CISO to discuss what the government can and should do to strengthen U.S. cybersecurity in the #Mythos age of AI. The conversations covered a lot of ground - AI-enabled vulnerability discovery, the role of industry in supporting federal cyber defense, and how to build frameworks that promote security without stifling innovation. HackerOne has been making these arguments for years ▪️voluntary, collaborative frameworks between government and industry work ▪️scaling vulnerability disclosure and remediation requires the right mix of resources, incentives, and accountability - including requiring vulnerability disclosure policies for federal contractors ▪️the private sector has to be a genuine partner in defending critical infrastructure, not an afterthought These aren't new positions for us. But it's more important than ever to get the policy right and we appreciate the Administration’s willingness to engage directly with industry as part of that effort. #Cybersecurity #AI #AIPolicy #CyberPolicy #HackerOne #MythosMoment

In this latest clip from HackerOne's “Exposed” video series, André Baptista, co-founder of Ethiack, describes how they’re using AI to supercharge vulnerability discovery and exploitation. AI can combine the elements that create a high impact chained vulnerability - André describes how it even tried to escape Ethiack’s own benchmarking.

In just 2 weeks time the HackerOne team will be onsite at #Infosec26 What can you expect? HackerOne’s signature minifigs? ✅ Limited edition t-shirt swag ✅ Insights and advice on how to combat the AI vulnerability apocalypse with continuous testing that prioritizes a faster find to fix loop? ✅ If you're a security leader wrestling with how to prioritize what actually matters and accelerate remediation at scale, come find us. 📍 Booth F142 📅 2–4 June

In the latest episode of HackerOne's “Exposed” video series, Luke Stevens sits down with the team at Ethiack to talk Mythos, AI-powered vulnerability detection, and how to measure risk reduction. In this clip, Jorge Monteiro, co-founder of Ethiack, talks about what Mythos has delivered is consistency of exploit development. Discovery has been augmented for a while, the bug classes themselves haven’t shifted, but Mythos is able to reliably show how it can find zero days at a bigger volume. Watch the full episode on YouTube. 🎬 https://lnkd.in/d4ZqK8a2

CISOs in 2026 are dealing with budget pressure, headcount freezes, and an ever-expanding attack surface. So how do you scale security operations without scaling the team? Join next week’s webinar: the operational playbook on how to do more with less. 🔗 Register: https://bit.ly/4tzDbEe Hear from Super Technologies about how, with a small team, they built a security operating model that expanded coverage, reduced response times, and created consistency across the organisation, and how the researcher community has become a strategic extension of their program. 🗓️ May 19, 2026 🕒 3:00 PM BST / 10:00 AM EST Get the tools to: → Create scalable security model that doesn't depend on headcount → Operationalise researcher collaboration with clear SLAs and workflows → Make cultural and process shifts that create a bigger impact → Deliver a framework your team can apply immediately

Wiz is now integrated with HackerOne. Read the press release: https://bit.ly/4uPuLd0 Security teams have a problem: more findings, less prioritization. HackerOne data shows vulnerability submissions surged 76% YoY in March 2026. The bottleneck is remediation: average resolution time has climbed from 160 to 230 days, meaning validated, exploitable vulnerabilities are sitting open longer than ever. Today, HackerOne and Wiz are closing that gap. Validated vulnerabilities from bug bounty, VDP, pentesting, and AI red teaming programs now map directly into Wiz's Security Graph and Attack Surface Management, giving teams a real-time view of risk across cloud infrastructure, identities, and data. Stop guessing what's actually exploitable in your environment and prioritize what actually is. This integration is part of HackerOne's PartnerOne Technology Alliance Program—a connected ecosystem built to compress the find-to-fix cycle and reduce exploitable risk.