Hai is built to empower security teams with AI-driven insights while maintaining strict security and transparency standards. Hai enhances workflows, provides context-aware assistance, and ensures responsible GenAI use. Hai only operates within clearly defined boundaries to protect user data, prevent misuse, and maintain trust. Data submitted to Hai is not shared with or accessible by other HackerOne customers, nor is it used to train or fine-tune large language models (LLMs).
For more, check out Hai Security & Trust and Responsible AI at HackerOne.
Yes. HackerOne Code provides out-of-the-box integration support for GitHub Enterprise Server, GitLab Self-Managed, GitLab Dedicated, Bitbucket Data Center, and Azure DevOps Server.
For more, check out the On-Premise Integration Guide.
If it's related to a security risk detected and validated, a real engineer. We do have conversational AI features for things like running commands and for instant feedback. Automated comments & those written by real people are clearly labeled.
HackerOne engineers who validate security risk detections are contractors and employees of HackerOne. Engineers are assigned to pull or merge requests based on technology expertise, professional experience, and familiarity with the repository involved.
All have been thoroughly vetted and have signed NDAs and personal invention assignment agreements. 99% are based in the US with a few in UK, CA, NZ, AU. Learn more about them here.
We have dedicated AI-powered processes for understanding context, reachability, and likelihood on top of the tools we use for detection. Then everything gets validated by an expert.
HackerOne Code supports review for all programming languages, frameworks, libraries, platforms & versions. See a list of our current supported technologies here.
Most automated security scanners generate a high volume of detections. These tend to be surface-level, false positives, or duplicates, which can bombard developers with noise. Because true positives are often buried in that noise and don't include actionable next steps, few things ultimately get remediated.
HackerOne Code covers Detection → Validation → Remediation. A smaller percentage of issues are raised to developers because they're thoroughly validated. And when they are, they contain actionable next steps and support with remediation from both a specialized Hai co-pilot and real engineers.
Automated scans initiate as soon as a pull or merge request is opened and complete in 2-4 minutes.
When security risks are detected that need to be validated, results are posted within 90 minutes for a majority of cases.
Every software team pushes code differently. Let's talk about your needs and find an option that helps your development team build better software.