Martijn Russchen
Lead Product Manager

Introducing HackerOne's Hai API: Revolutionize Your Workflow Automation with AI

Hai API

We want our customers to have seamless access to their report and program data, paving the way for enhanced workflow automation. The Hai API has, therefore, been designed specifically for customers seeking efficient interaction and automation capabilities.

Hai is HackerOne’s embedded AI assistant designed to make your journey through vulnerability reports and hacker interactions smoother and more insightful.

The Hai API is an API endpoint part of the official HackerOne API, offering customers the option to integrate external systems and custom scripts for streamlined automation with Hai. This mirrors all functionalities present in the Hai chat interface, allowing users to replicate and enhance their existing workflows. 

Unlocking the Power of the Hai API

At HackerOne, we believe in practicing what we preach. To help get an idea of what's possible with the Hai API, we built our own automation powered by the Hai API to automate common workflows within our bug bounty program that were once manual processes.

The Challenge: Report Management

As a Bug Bounty program manager, one of the ongoing challenges is effectively managing and routing vulnerability reports. With numerous reports flooding in, it’s essential to determine which engineering team should handle each one. 

We needed a way to analyze and triage reports quickly, find the right owner, and route it to the appropriate team's inbox.

The Solution: Harness the Power of AI for Report Automation

To tackle this, we turned to Hai, our own HackerOne AI. Report Automation was born out of a need to streamline the report management process and leverage AI for smarter triaging. 

This script lets us fetch reports based on specific criteria, send them to the AI for analysis, and automatically update custom fields.

Putting It to the Test

We started using the script internally, rigorously testing it to ensure it met our needs. 

Here’s how it works in practice:

  1. Fetching Reports: The script retrieves reports that match our specified filters, such as program, severity, and state. This allows us to focus on the most critical issues first.
  2. AI-Powered Triage: Reports are sent to HackerOne AI for assessment. The AI evaluates each report and provides insights, helping us determine the validity and urgency of the issues.
  3. Automated Actions: Based on the AI’s response, the script can post private comments on reports, update custom fields, and export responses to a CSV file for further analysis.

A Game-Changer for Team Efficiency

One of the most significant benefits we’ve seen is setting custom fields in the reports. By tagging reports with specific attributes, we can filter them more effectively and create dedicated inboxes for each engineering team. 

This means that each team has a clear view of the reports relevant to them, streamlining the workflow and ensuring that nothing slips through the cracks.

Hai API


Accelerating Vulnerability Remediation

Using the Report Automation tool, we’ve analyzed a large volume of reports simultaneously. This drastically reduces the time spent on manual triaging and allows us to focus more on addressing the vulnerabilities. 

The custom fields and team-specific inboxes have improved our organization, making it easier for teams to manage workloads and collaborate more effectively.

Join Us On This Journey

We’re excited about the potential of the Report Automation tool built through the Hai API and invite the community to contribute. We've open-sourced the script so anyone can help. Whether you have ideas for new features or want to help refine existing ones, we welcome your input. 
Together, we can make Hai even more powerful and efficient.

Want to dive deeper into Hai? Click here to learn more.

The Ultimate Guide to Managing Ethical and Security Risks in AI

AI Ebook