What it is
HackerOne uses “Hackbots” as its term for AI-powered assistants and agents used in vulnerability discovery workflows. The February 2025 HackerOne post is not a single vulnerability finding; it is a policy milestone for how platforms can allow AI-accelerated hacking without dropping accountability.
Why it is in the systems index
Bugflation is partly a technical story and partly a market-structure story. If AI-assisted tools increase submission volume, platforms need rules for scope, oversight, validation, and responsibility.
HackerOne’s public principles are useful because they make the governance layer explicit:
- Hackbots must follow program policies and platform rules.
- Human experts must validate and confirm findings before submission.
- Operators are accountable for their systems.
- Human operators remain bounty eligible.
What we do not count
This profile does not add to the findings count. It appears in the systems index because policy infrastructure changes the supply curve: more automated finding attempts become acceptable only when validation and accountability scale with them.