
Bug bounty platform HackerOne has paid $81 million in rewards to white-hat hackers worldwide over the past 12 months.
HackerOne manages over 1,950 bug bounty programs and provides vulnerability disclosure, penetration testing, and code security services to many organizations.
Its list of customers includes high-profile companies such as Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and government agencies like the U.S. Department of Defense.
According to a report published earlier this week, the typical yearly payout across all active programs is roughly $42,000. Meanwhile, the top 100 bug bounty programs on the platform have paid out $51 million between July 1, 2024, and June 30, 2025.
“In the past 12 months, HackerOne bug bounty programs collectively paid out $81 million, a rise of 13% YoY. The top 10 programs alone accounted for $21.6 million,” the company said.
“At the researcher level, the Top 100 all-time earners took a total of $31.8M, with individual researchers now consistently surpassing six-figure annual earnings.”

HackerOne noted that the number of AI vulnerabilities has increased by more than 200%, with prompt injection vulnerabilities surging by a staggering 540%, confirming them as the fastest-growing threat in AI security.
At the same time, security issues such as XSS (cross-site scripting) and SQLi (SQL injection) are in decline, while authorization flaws, including improper access control and IDOR (insecure direct object reference), are experiencing a significant increase in reports.
In total, 1,121 bug bounty programs on HackerOne included AI in scope in 2025, a 270% increase YoY, with autonomous AI-powered agents submitting 560+ valid reports.
The company added that 70% of over 1,820 researchers surveyed over the last 12 months have used AI tools in their workflow “to enhance their hunting abilities.”
“AI vulnerabilities increased by more than 200% this year, while enterprises expanded AI security initiatives at nearly three times last year’s pace,” said HackerOne CEO Kara Sprague.
“At the same time, a new generation of ‘bionic hackers’—security researchers using AI to enhance their hunting abilities—are driving the discovery of security issues at unprecedented scale.”

