HackerOne, a leading platform in offensive security, announced that it has paid out a total of $81 million in bug bounties to its global community of white-hat hackers over the past year.
This figure, detailed in the company's ninth annual Hacker-Powered Security Report, marks a 13% increase from the previous year, highlighting the growing reliance on crowdsourced security to defend against evolving cyber threats. The report covers the period from July 1, 2024, to June 30, 2025.
The findings underscore a significant return on investment for organizations running bug bounty programs. For every dollar spent on bounties, companies saved an average of $15, culminating in an estimated $3 billion in mitigated financial losses from potential breaches.
This 15x return demonstrates the financial efficacy of leveraging ethical hackers to identify and remediate vulnerabilities before they can be exploited by malicious actors.
Emergence of “Bionic Hackers”
A central theme of the 2025 report is the emergence of the "bionic hacker": security researchers who extend their expertise with artificial intelligence.
This synergy of human creativity and AI-driven automation is reshaping the security landscape. According to HackerOne, there has been a 210% surge in valid AI-related vulnerability reports since 2024, with researchers increasingly focused on testing AI and machine learning systems.
The report indicates that 67% of surveyed researchers now use AI or automation tools to accelerate reconnaissance and testing. The platform has also seen the advent of "hackbots," autonomous AI agents that have submitted 560 valid reports, primarily identifying surface-level flaws like Cross-Site Scripting (XSS).
While human ingenuity remains essential for uncovering complex business logic flaws and multi-step exploits, AI is proving to be a powerful force multiplier.
The distribution of the $81 million in bounties reveals key industry priorities and risk areas. The technology sector, particularly computer software and internet services, led in total payouts.
Computer Software programs accounted for over $9.7 million in bounties, while the top 10 programs on the platform paid out a combined $21.6 million.
Vulnerability trends show a shift in focus. While payouts for common bugs like XSS are declining, rewards for more critical issues such as Improper Access Control (IAC) and Insecure Direct Object Reference (IDOR) are on the rise.
IDOR-related rewards increased by 23% and valid reports grew by 29%, signaling that both attackers and researchers are concentrating on authorization and access control weaknesses.
The report emphasizes that the future of cybersecurity belongs to organizations that can effectively combine human expertise with AI-powered tools to stay ahead of adversaries in a rapidly changing threat environment.