SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

HackerOne launches h1 Validation to verify exploitable flaws

Wed, 22nd Apr 2026

HackerOne has introduced h1 Validation, a service designed to help enterprises assess whether AI-discovered vulnerabilities are actually exploitable. The launch comes as vulnerability submissions on its platform continue to rise sharply.

The offering is intended to help security and engineering teams manage a growing volume of findings generated by frontier AI models, including systems such as Claude Mythos and OpenAI's GPT-5.4-Cyber. It combines automated analysis with human review to determine which flaws can be exploited in practice and to guide remediation.

The move reflects a broader shift in cyber security as advances in AI increase the speed and scale of vulnerability discovery. HackerOne said submissions on its platform rose 76% year on year, reaching a record high in March 2026.

That increase has not reduced the share of issues posing a genuine threat. About 25% of findings were confirmed as exploitable, a rate HackerOne said has remained stable despite the higher volume. As a result, the total number of real vulnerabilities has continued to grow.

The severity of reported flaws has also increased, with 32% classed as critical or high severity, up from a historical baseline of 26% to 28%.

At the same time, the window between public disclosure and active exploitation has narrowed to hours, according to HackerOne. Remediation speed improved 19% year on year, but that pace has not kept up with the increase in disclosures, leaving organisations with record backlogs.

Rising Pressure

These figures highlight a growing problem for security teams in large organisations: more issues are being found, more are serious, and defenders have less time to decide which require immediate action. For companies relying on bug bounty programmes, internal testing and external reporting, triage has become a heavier operational burden.

HackerOne's new service is designed to sit between discovery and remediation. Rather than treating every reported vulnerability as equally urgent, h1 Validation focuses on testing exploitability so teams can rank findings by real-world risk.

The service is also intended to address more complex attack paths. As AI systems identify multi-step weaknesses and linked exposures, security teams may need more than a simple proof of concept to determine whether a vulnerability can be turned into a practical attack.

Nidhi Aggarwal, Chief Product Officer at HackerOne, said the increase in AI-assisted discovery is changing the workload facing defenders.

"AI is accelerating both the volume and the sophistication of vulnerabilities," Aggarwal said.

"AI is increasingly exploiting complex attack paths and multi-step chains, and the time to exploit them is shrinking. h1 Validation helps organizations keep up by combining agentic AI and human expertise to quickly determine what is actually exploitable, deliver clear remediation steps, and reduce the time from find to fix," she added.

Validation Focus

HackerOne has positioned the new product around continuous validation rather than discovery alone. That reflects a growing concern among cyber security teams that finding more weaknesses does not necessarily improve security if organisations cannot verify and fix them quickly enough.

In practice, exploitability testing can help teams decide whether a vulnerability should be escalated immediately, scheduled for later remediation, or deprioritised. For large enterprises handling thousands of findings across cloud infrastructure, applications and internal systems, that distinction can shape both staffing and risk management.

HackerOne said h1 Validation is built to handle high submission volumes and more complex findings. It is intended to shorten the path from identifying a flaw to confirming whether it presents a real attack route.

The launch also highlights how cyber security vendors are adapting as generative and specialist AI tools reshape both offensive and defensive workflows. Models that identify weaknesses more quickly may help defenders uncover flaws earlier, but they can also increase pressure on remediation teams if every finding requires manual investigation.

For enterprises, the challenge is no longer simply that more vulnerabilities will be found, but how to decide which matter most. HackerOne's platform data suggests the issue now extends beyond rising report volumes to a growing stock of serious and exploitable flaws that require action within a much shorter timeframe.