HackerOne has unveiled the H1 Platform, a new agentic AI-powered system built to help organizations identify, validate, prioritize, and remediate security exposures on an ongoing basis.
The announcement arrives as security teams face growing pressure from a surge in both software development and vulnerability discovery driven by artificial intelligence. AI-assisted coding has become a routine part of development workflows, while security tools are uncovering vulnerabilities at an increasing rate. As a result, many organizations are struggling to keep up with validation and remediation efforts.
According to HackerOne, vulnerability submissions across its platform increased by 92% over the past year. The company also reported growth in critical and high-severity findings, while remediation capacity has not expanded at the same pace.
The H1 Platform is designed to address that gap through agentic AI capabilities embedded throughout the Continuous Threat Exposure Management (CTEM) process. At the center of the platform is Hai, HackerOne’s AI orchestrator, which analyzes exploitability indicators, remediation guidance, and attack activity to help security teams focus on the vulnerabilities most likely to create business risk.
“In a world reshaped by frontier AI models, security can’t afford to be static, theoretical, or siloed. It must be continuous, validated, and tied to business impact,” said Nidhi Aggarwal, Chief Product Officer at HackerOne. “As exploit windows shrink and vulnerability volume accelerates, organizations need security systems that can continuously discover and validate what matters, prioritize action, and operationalize remediation at AI scale to continuously reduce cyber risk.”
HackerOne Chief Executive Officer Kara Sprague said the platform reflects changing security requirements as organizations adopt more advanced AI technologies.
“The AI era demands a new kind of security platform: agentic, continuous, and operating at the speed of the threat. The H1 Platform closes the discovery-remediation gap that defines this moment, built on the only foundation that could make it work: the simultaneous trust of the Fortune 500 and the world’s largest community of security researchers, sustained over more than a decade,” said Kara Sprague, HackerOne’s Chief Executive Officer. “As enterprises move from securing code to securing AI itself, the researcher community’s role on this platform will only deepen.”
A key component of the platform is HackerOne’s global community of security researchers. While AI-driven automation can accelerate testing and analysis, researchers contribute expertise in areas that remain difficult to automate, including business logic weaknesses, novel attack techniques, and multi-step attack paths. HackerOne says this combination enables organizations to focus on vulnerabilities that have been demonstrated as exploitable rather than relying solely on theoretical risk assessments.
As organizations expand their use of AI systems, HackerOne expects researcher contributions to extend beyond vulnerability discovery into broader security intelligence and risk assessment activities.
Platform Capabilities
The H1 Platform combines exposure discovery, validation, prioritization, and remediation within a single operational environment. Key capabilities include:
- Continuous agentic testing across the attack surface with exploitability validation informed by historical program data and attack-path analysis
- Vulnerability prioritization based on exploitability and business impact
- Remediation workflows integrated with platforms including Jira, GitHub, ServiceNow, Azure DevOps, Linear, and other enterprise systems
- Agentic exploitation workflows that generate validated findings and route them directly to development teams
- Executive reporting and analytics, including Return on Mitigation (RoM) metrics intended to help organizations assess exposure reduction and remediation effectiveness
Customer Adoption and Results
HackerOne reports that the H1 Platform is used by approximately 1,300 organizations worldwide, including 20% of Fortune 500 companies and several leading AI-focused enterprises.
Across its customer base, the company says it has helped organizations reduce more than $32 billion in exposure risk and lower mean time to remediate (MTTR) by roughly 80%.
One example comes from Canadian fintech company KOHO Financial, where security teams have used the platform to improve vulnerability management processes.
“We went from a set-and-forget security program to one that actually keeps pace with how fast threats move,” said Scott Brown, Security Lead, KOHO Financial. “Reducing median triage time by roughly 80% has changed everything. Our team focuses on what’s confirmed and exploitable, and vulnerabilities get addressed before they become real risk.”
