HackerOne

Secure code at the speed your developers ship. HackerOne Code uses AI agents plus expert validation to catch what scanners overlook—and help teams fix issues faster. See it in action at BlackHat MEA and BlackHat Europe. 📍 Riyadh Booth #H2.D41 | London Booth #609

A newly discovered vulnerability, dubbed Shai-Hulud 2.0, is unfolding across the internet, demonstrating how quickly a compromised package can cascade across thousands of systems. Security leaders need visibility, resilience, and speed. At HackerOne, our AI-powered platform, combined with our global community of security researchers, helps uncover blind spots automated tools miss and strengthen defenses before incidents escalate. Three steps to take now: 🔍 Reassess exposure across your entire software supply chain 🤝 Use external expertise to identify what internal teams overlook ⚡ Move toward continuous threat exposure management across code, cloud, and AI 📘 Read our full blog to understand what happened, what’s at risk, and what leaders should do next: https://bit.ly/49GzHcP #Cybersecurity #SupplyChainSecurity #CTEM #TogetherWeHitHarder

AI can accelerate your security program—but only if you deploy it with the right guardrails, ownership, and measurement in place. In a new CISO Series interview, Naz Bozdemir, Lead Product Researcher at HackerOne, breaks down what CISOs should prioritize as they integrate AI systems into their defenses. Her bottom line: AI can be a powerful force multiplier, but only when paired with clear governance, human ingenuity, and continuous testing. Watch the full conversation here 👇

AI is reshaping how organizations build and defend modern systems. It’s also introducing new risks that traditional testing can’t keep up with. Security leaders are wrestling with challenges like: ⚠️ Unpredictable model behavior under adversarial prompts ⚠️ Hidden exposure paths created by complex data flows ⚠️ Vulnerabilities introduced by AI-generated code ⚠️ Pressure to deploy fast without mature validation standards ⚠️ A threat landscape evolving faster than internal teams can respond Most teams recognize the need to enhance AI security testing, but far fewer understand how to develop a program that effectively scales. To help, we published an AI Security Testing Maturity Playbook that breaks down what “good” looks like at every stage and where organizations tend to stumble. If you’re building a resilient, scalable AI security program, this is for you. 👉 https://bit.ly/4od4bGM #AI #Cybersecurity #AISecurity #CISO #TogetherWeHitHarder

Red teaming isn’t what it used to be. HackerOne Chief Product Officer Nidhi Aggarwal joined the CISO Series podcast to share how AI is reshaping red teaming and why enterprises need to evolve their approach to stay ahead of risk. 📹 Watch the full clip. #AI #Cybersecurity #AIRedTeaming #AIsecurity

Retailers are gearing up for the busiest shopping days of the year—but so are attackers. According to the 2025 Hacker-Powered Security Report, retail and e-commerce programs saw 40% of all vulnerabilities rated high or critical, with the most common flaws tied to session hijacking, weak recovery flows, and client-side script tampering. Ahead of Cyber Monday, leading brands are stress-testing checkout, payment, and loyalty systems to close fraud paths before they can be exploited. With an average breach cost of $3.5 million, proactive security isn’t optional, it’s operational resilience. For safer systems during the busy shopping season, it's critical that retailers: 🔹 Pay premiums for findings tied to customer trust and fraud vectors—from loyalty and gift-card API bypasses to client-side data leaks. 🔹 Scope client-side integrity explicitly, treating third-party scripts and browser supply chains as first-class assets. 🔹 Embed supply-chain security into procurement, requiring vendors and payment gateways to show regular testing and coordinated disclosure processes. 🔹 Run focused testing campaigns on checkout, inventory, and pricing systems ahead of peak events to minimize high-traffic exposure windows. 📊 Learn how retailers like A.S. Watson, Shopify, and Lowe’s stay one step ahead: https://bit.ly/3LJkZHX #CyberSecurity #RetailSecurity #Ecommerce #FraudPrevention #TogetherWeHitHarder

Trust is eroding faster than AI is advancing. In her latest blog, HackerOne CEO Kara Sprague explores why CISOs must operationalize both AI security and AI safety to build resilient, trustworthy systems. 🛡️ AI Security: Safeguarding systems from exploitation 🤖 AI Safety: Preventing harmful or unethical outputs Neither is optional. Together, they form the two inseparable pillars of resilient AI strategy—and both require outside-in, adversarial testing before real users are exposed. Read Kara’s full perspective on how security leaders can operationalize both pillars to build trustworthy AI systems: https://bit.ly/4o1xcoG

AI is reshaping everything—from infrastructure to the threat landscape. But how do global enterprises keep AI secure at scale? Join experts from Amazon Web Services (AWS), Shopify, and HackerOne for an exclusive webinar on AI Security at Scale, where we’ll explore: 🔹 How leading organizations manage AI risk 🔹 Real-world lessons from AI deployments 🔹 Strategies to secure AI without slowing innovation 📅 Date: November 20, 2025 | 1pm ET 🔗 Register now: https://lnkd.in/eGBS6cWR Let’s build AI you can trust, together. #AI #Cybersecurity #CloudSecurity #AWS #TogetherWeHitHarder

Big things happen when innovation meets collaboration. Together with Shopify Engineering, we hosted an AI-focused live hacking event at Shopify’s Toronto office, bringing together eight incredible researchers to test and secure Shopify’s AI tooling, including their app, Sidekick. Submissions explored both AI safety and AI security, showcasing how human expertise strengthens emerging AI systems. Collaboration like this helps shape safer, smarter technology for everyone. #HackForGood #TogetherWeHitHarder #AIsecurity