Here you go, HackerOne paid out $81 million in the past year to hackers. Wow, right? That is a lot of cash going out to people who spend their days finding security bugs. This only helps to show how prevalent bug hunting has become, and this is now part of a rational strategic investment for companies.
So, what is HackerOne?
HackerOne is a platform where companies invite hackers (not the criminal type) to find vulnerabilities in their systems. When they find the vulnerabilities, they are rewarded, and the more impactful the vulnerability, the larger the reward.
Some notable companies that use HackerOne include Uber, GitHub, Goldman Sachs, the United States Army, and the Department of Defense. Also in the last year, HackerOne launched close to 2,000 programs in organizations across the globe.
Here is the best part - this $81 million payout is 13% over the previous year and shows how fast bug hunting is evolving.
Who is earning the money?
- The top 100 programs paid out about $51 million.
- The top 10 programs alone paid out $21.6 million.
- The top 100 hackers collectively earned $31.8 million.
What sorts of bugs are trending at this time?
• AI bugs are exploding in volume. Reports of AI bugs increased over 200%.
• Reports of prompt injection bugs (which is code for the hackers tricking AI into doing bad things) increased over 500%.
• Old-school bugs like XSS and SQL injections are trending downward.
• Access-related bugs (such as broken permissions or IDORs) are trending upward.
Additionally, over 1,100 of these programs now incorporate AI into their scope — a whopping increase of 270% year over year alone. And here's something interesting: over 70% of hackers are using AI tools to help them find bugs quicker.
Why it matters
Why should we care? A few reasons:
• Companies save money by employing hackers to discover bugs before the actual bad actors find them.
• The hackers are paid fair compensation for their skills.
• AI is changing the game both as a tool for hackers, and as a new target for bugs.
Sure there is competition, but competition helps push all players to get better.
Wrap up
So there you have it. HackerOne has paid out $81 million in bounties in the past year, and that is proof that ethical hacking is not just a hobby; it is a career. If you have ever thought about looking into bug bounties, now might be the best time to do that. In a year you might be in the $81 million club.