HackerOne unveils live agentic AI prompt injection tests
HackerOne has launched a testing service designed to determine whether prompt injection attacks against AI systems can lead to real-world data exposure or misuse of connected tools.
HackerOne has recorded a 540% year-on-year increase in validated prompt injection vulnerabilities reported on its platform. The launch reflects growing concern among security leaders about the gap between AI security testing in controlled settings and behaviour in live deployments.
Prompt injection involves manipulating inputs to change how a model responds. In enterprise environments, the risk increases when an AI system is connected to internal data sources, retrieval pipelines, or software tools that can act on a user's behalf. Attackers can use crafted prompts to override intended behaviour, extract restricted information, or trigger unexpected actions.
Many organisations have focused on defences that filter suspicious prompts at the user interface. Practitioners have also developed policies, guardrails, and model configuration controls. While these measures can reduce the chance a model follows harmful instructions, they do not always show whether an attacker can achieve an end-to-end outcome in production.
Live Exploit Evidence
The new service, called Agentic Prompt Injection Testing, forms part of HackerOne's AI Red Teaming and LLM Application Pentesting engagements.
The approach runs structured, multi-turn adversarial attacks against live large language model applications. The process tests whether prompt injection vulnerabilities can be exploited end to end, rather than stopping at a model response that appears unsafe in isolation.
Testing also covers indirect prompt injection scenarios that can arise through retrieval pipelines and tool workflows: cases where content retrieved from a data source, or introduced through another system, becomes part of a prompt. The service then checks whether those paths can expose real data or enable misuse of tools connected to the AI system.
HackerOne produces reproducible findings with severity assessments for security teams. The goal is to provide evidence that a deployed system can be exploited, rather than a description of theoretical risk.
Broader AI Rollouts
Enterprises are moving from AI experiments to deployments that connect models to internal documents, customer data, and operational systems. That shift changes the impact of a successful attack: a manipulated prompt may not only affect a chat response, but also influence how an AI agent queries internal repositories, drafts messages, creates tickets, or calls external services.
Security teams are also adapting established testing methods to AI applications. Traditional penetration testing and red teaming have focused on web applications, APIs, identity systems, and cloud configurations. AI introduces different failure modes and a new category of user interaction, where language can act as an interface for data access and actions.
HackerOne built the new capability based on work securing AI models and deployments for organisations including Anthropic, IBM, Snap, Adobe, and eBay. It positions the service as a blend of agentic exploit testing and expert-led adversarial testing from its community of security researchers.
Nidhi Aggarwal, chief product officer at HackerOne, described prompt injection as an emerging risk that changes how organisations should validate AI security.
"Prompt injection has quickly become a severe risk to deployed AI systems because it can transform a trusted application into an attack surface," Aggarwal said.
"Security teams can't rely on static controls or runtime filters alone. They need validated proof of whether an AI system can be exploited once it's connected to real data and tools. Agentic Prompt Injection Testing delivers that evidence, enabling organisations to identify confirmed exposure and reduce risk before it impacts the business," she said.
Cisco's Omar Santos, who works on AI security and co-chairs the project governing board of the Coalition for Secure AI, also commented on the announcement.
"AI is advancing at an unprecedented pace, and security must keep up," said Santos. "The future leading organisations will be defined not just by AI innovation, but by how well they secure it. Rigorous validation under adversarial conditions is becoming fundamental to building trustworthy AI systems and raising the bar for the industry."
Agentic Prompt Injection Testing now sits alongside HackerOne's existing AI-focused offerings, including AI red teaming and testing for applications built on large language models. The service extends its continuous exposure validation work to AI systems already in production.