HackerOne Payouts Hit $81 Million: AI Vulnerability Reports Soar by Over 200%

The vulnerability rewards platform HackerOne has announced that over the past twelve months, white-hat hackers around the world have earned a total of $81 million in payouts — a 13% increase compared to the previous year.

Today, HackerOne operates more than 1,950 bug bounty programs and provides services in vulnerability disclosure, penetration testing, and code security assessment. Its clients include Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and several government agencies — among them the U.S. Department of Defense.

On average, active programs pay researchers around $42,000 annually. The top 100 programs on the platform collectively paid out $51 million between July 2024 and June 2025, with the top ten accounting for $21.6 million of that total.

At the individual level, researcher earnings are also rising: the top 100 bug hunters have earned a combined $31.8 million to date, with a growing number now achieving six-figure annual incomes.

HackerOne attributes this sharp increase in payouts to the rapid expansion of AI-related vulnerability research. Over the past year, the number of AI vulnerability reports surged by more than 200%, while prompt injection cases rose by an astonishing 540%, making it the fastest-growing threat category in the AI landscape.

Meanwhile, traditional vulnerabilities such as XSS and SQL injections have become less common, though authorization flaws — including improper access control and IDOR (Insecure Direct Object Reference) — have shown a notable rise.

According to the report, as of 2025, 1,121 HackerOne programs include AI technologies within their testing scope — a 270% increase year over year. Notably, more than 560 validated reports were submitted by autonomous AI agents.

The company emphasizes that the use of AI-powered tools is becoming an integral part of researchers’ workflows. Among 1,820 surveyed specialists, 70% admitted to leveraging such tools to enhance their efficiency in discovering vulnerabilities.

“AI vulnerabilities have increased by over 200% in just one year, while corporate initiatives to prevent them are growing three times faster than last year,” stated HackerOne CEO Mårten Mickos. “A new generation of so-called bionic hackers — those who harness artificial intelligence to amplify their own capabilities — is uncovering vulnerabilities on an unprecedented scale.”

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy