HackerOne

HackerOne was founded in 2012 by Dutch security researchers Michiel Prins and Jobert Abma alongside Alex Rice and Merijn Terheggen, after Prins and Abma famously found vulnerabilities in 100 top tech companies — including Google, Facebook, and Apple — in a single research project. The company pioneered the bug bounty and coordinated vulnerability disclosure market, connecting enterprises with a global community of vetted security researchers to surface real-world vulnerabilities before attackers do. Today HackerOne operates the world's largest ethical hacker community and positions itself as a global leader in Continuous Threat Exposure Management (CTEM), serving clients including Goldman Sachs, General Motors, Coinbase, Anthropic, and the U.S. Department of Defense.

HackerOne has raised $161 million in total funding across five rounds, achieving a $841 million Series E valuation in January 2022. The company launched its AI co-pilot Hai in February 2024 — a GenAI assistant embedded in the platform to accelerate vulnerability triage and program management — which saw 500% adoption growth by December 2024. In January 2026, HackerOne introduced Agentic PTaaS (Penetration Testing as a Service), combining autonomous AI agents with human-validated testing to deliver continuous expert-verified pentesting at enterprise scale. The company also established the Good Faith AI Research Safe Harbor framework in January 2026 to provide legal protections for researchers testing AI systems.

HackerOne's core technical differentiation lies in combining a vetted researcher community — over 1 million registered hackers — with AI-powered automation in a single platform. Its AI red teaming service deploys both human researchers (750+ AI-focused specialists) and adversarial AI agents to test prompts, retrieval pipelines, and agentic workflows against threats like jailbreaks, prompt injection, and cross-tenant data leakage. The platform has tested over 1,700 AI assets and validated findings through its Hai co-pilot, which classifies and prioritizes vulnerabilities in real time. HackerOne paid $81 million in researcher rewards in fiscal year 2025 — a record — and total all-time bounties paid have surpassed $300 million.

HackerOne competes in a fragmented market that spans bug bounty platforms (Bugcrowd), managed security testing (Synack), and emerging AI red teaming specialists. Its scale advantage — the largest researcher community by volume — creates a flywheel that smaller competitors cannot easily replicate. The shift toward CTEM and agentic pentesting puts HackerOne in direct competition with automated security validation players like Pentera, but HackerOne's hybrid human-plus-AI model occupies a distinct niche: validated, creative, human-led testing at platform scale. The company's $841 million Series E valuation from 2022 has not been refreshed, and with no public funding since then, questions around a future IPO path or strategic acquisition linger. However, its deep enterprise relationships — including the U.S. Department of Defense and the UK Ministry of Defence — and its early-mover position in AI red teaming give it durable competitive differentiation in a category expected to grow rapidly through 2026 and beyond.