The rise of the bionic hacker
A new report from HackerOne shows how the rapid adoption of artificial intelligence (AI) is transforming both attack and defense. It also examines the convergence of safety and security into a single trust challenge for AI systems in production.
Kara Sprague, CEO of HackerOne, said AI vulnerabilities increased by more than 200% this year, while enterprises expanded AI security initiatives at nearly three times last year’s pace. “At the same time, a new generation of ‘bionic hackers’—security researchers using AI to enhance their hunting abilities—are driving the discovery of security issues at unprecedented scale,” Sprague said.
Key findings from the report include:
- Researchers are now AI-native: 70% of surveyed researchers now use AI tools in their workflow.
- AI in production is expanding exponentially: 1,121 distinct customer programs included AI in scope in 2025, a 270% increase year over year.
- Prompt injection tops the threat list: Valid reports of prompt injection rose 540%, highlighting the difficulty of controlling how models interpret user inputs.
- Crowdsourced security delivers: Across HackerOne programs, $3 billion in breach losses was avoided in 2025, with measurements based on HackerOne’s Return on Mitigation (RoM) methodology.
- Researchers break new earning records: HackerOne bug bounty programs collectively paid out $81 million, an increase of 13% from last year.
- Fully autonomous Hackbots emerge: Autonomous agents submitted 560+ valid reports, which HackerOne says “signals the start of the hackbot arms race”.
The results will be discussed in detail during a webinar on October 15.