IT Brief Asia - Technology news for CIOs & IT decision-makers

HackerOne launches h1 Validation to tackle AI flaws

Wed, 22nd Apr 2026

HackerOne has launched h1 Validation, a product designed to help enterprises assess AI-discovered vulnerabilities. The release is intended to address a growing gap between identifying software flaws and fixing them.

The launch comes as the volume of vulnerability reports on HackerOne's platform has risen sharply. Submissions increased 76% year on year and reached a record high in March 2026, according to company data.

That increase has not reduced the share of flaws that pose a genuine threat. About 25% of findings were confirmed as exploitable, indicating that the absolute number of security weaknesses attackers could use is also rising.

The severity mix has shifted as well. High and critical vulnerabilities made up 32% of reports, up from a historical range of 26% to 28%.

At the same time, companies have less time to respond. The window between disclosure and exploitation has fallen to hours, while remediation rates have improved by only 19% year on year, contributing to what HackerOne described as record backlogs.

Validation Focus

h1 Validation is intended to filter and assess reported vulnerabilities so security and engineering teams can focus on those most likely to be exploited. It combines automated analysis with human review to help customers decide which issues need immediate action and what remediation steps to take.

HackerOne is targeting a problem that has become more visible as newer AI systems are used in security research and testing. Tools such as Claude Mythos and OpenAI's GPT-5.4-Cyber have increased the speed and scale of vulnerability discovery, according to the company, but they have also added pressure on corporate security teams that must process far larger numbers of findings.

For many organisations, the challenge is no longer simply finding weaknesses in software and systems. It is deciding which can be exploited in practice and which pose the greatest operational risk.

The new product is designed to handle larger volumes of findings and more complex attack paths, including multi-step chains that can be harder to assess through automated scanning alone. HackerOne positions the offering within the broader market for continuous threat exposure management, where vendors are trying to connect discovery, validation and remediation more closely.

Market Pressure

The announcement reflects a wider shift in cyber security as AI changes both defensive and offensive activity. Security teams can use AI models to uncover flaws faster, while attackers can use similar systems to analyse weaknesses and shorten the time needed to exploit them.

That dynamic is increasing the importance of validation. A growing volume of findings can overwhelm internal teams if they cannot distinguish between theoretical issues and vulnerabilities that present an immediate route into systems or data.

In many businesses, this has created a backlog problem. Security leaders have long complained that scanning tools and bug reports often generate more issues than engineering teams can realistically fix, forcing them to rely on triage systems that may miss the most urgent threats.

HackerOne's approach is to use AI to process submissions at scale while keeping human expertise in the loop to judge exploitability and priority. The company did not disclose pricing or customer numbers for the new product.

Its existing business includes bug bounty programmes, vulnerability disclosure services, penetration testing and AI security testing. Customers listed by HackerOne include businesses in finance, transport and technology, as well as government bodies.

Nidhi Aggarwal, chief product officer at HackerOne, outlined the company's view of the issue in a statement accompanying the launch.

"AI is accelerating both the volume and the sophistication of vulnerabilities," Aggarwal said. "AI is increasingly exploiting complex attack paths and multi-step chains, and the time to exploit them is shrinking. h1 Validation helps organisations keep up by combining agentic AI and human expertise to quickly determine what is actually exploitable, deliver clear remediation steps, and reduce the time from find to fix."