HackerOne: Ethical Hacker Community Surpasses $300 Million In All-Time Rewards

By Amit Chowdhry • Nov 1, 2023

HackerOne – a leader in Attack Resistance – recently announced that its ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform. Thirty hackers have also earned more than one million dollars on the platform, with one hacker surpassing four million dollars in total earnings.

According to the newly released 2023 Hacker-Powered Security Report, hackers are finding opportunities to earn more by diversifying their skill sets as emerging technology reshapes the threat landscape. And 55% of hackers plan for Generative AI (GenAI) to become a top target in the coming years. Crypto and blockchain organizations continue to see strong program engagement, offering the highest average overall rewards for hackers and awarding the year’s top payout of $100,050. Customers also expanded how they use hackers outside of traditional bug bounty, as pentesting engagements increased by 54% on the platform this year.

The 2023 Hacker-Powered Security Report features perspectives from the hacker community and insights from the world’s largest database of vulnerabilities and bug bounty customer programs. The data reveals the hacker community’s point of view on generative AI (GenAI), the top vulnerabilities for different types of attack resistance programs, key vulnerability trends across industries, average bounty prices, and the motivations of the hacker community.

The key findings from the report include:

— Hackers continue experimenting with GenAI, as 61% of hackers said they will use and develop hacking tools from GenAI to find more vulnerabilities. Another 62% of hackers plan to specialize in the OWASP Top 10 for Large Language Models. Hackers also said they plan to use GenAI to write better reports (66%) or code (53%) and reduce language barriers (33%).

— Hackers have reported insufficient in-house talent and expertise as the top challenge for organizations, and hackers are filling this gap: 70% of customers stated hacker efforts have helped them avoid a significant cyber incident.

— About 57% of HackerOne customers believe exploited vulnerabilities are the greatest threat to their organizations, over phishing (22%), insider threats (12%), and nation-state actors (10%).

— Customers are getting faster at fixing vulnerabilities, as the average platform-wide remediation time dropped by 10 days in 2023. The automotive, media and entertainment, and government verticals saw the biggest decrease in time to remediation, with an improvement of over 50%.

— Organizations are reducing costs by embracing human-centered security testing sooner in their software development lifecycles, with customers saving an estimated $18,000 from security experts reviewing their code before release.

The annual Hacker-Powered Security Report was based on data from HackerOne’s vulnerability database and gathered views from HackerOne customers and more than 2,000 hackers on the platform. It was compiled between June 2022 and September 2023.

KEY QUOTE:

“Organizations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers. The Hacker-Powered Security Report makes clear that hackers are actively growing their skillsets to meet emerging threats. The versatility of hackers and the impact of the vulnerabilities they surface make them instrumental to how our customers anticipate and address risk.”

— Chris Evans, HackerOne CISO and Chief Hacking Officer