Human Hackers Dethroned: An AI Takes Top Spot on HackerOne
The top spot in HackerOne’s global ranking is no longer held by a human, but by a machine. Behind the alias “XBOW” is not a living researcher, but an AI-driven system that has already uncovered 255 vulnerabilities. Despite this remarkable achievement, XBOW is not yet an autonomous “bounty hunter.” It is a creation of Offensive Security, designed to deploy specialized agents for the automated discovery of security flaws.
The widespread adoption of such tools is leaving a tangible mark on the ecosystem. According to HackerOne, the number of verified vulnerabilities rose by 12% over the past year, surpassing 78,000 findings—more than a quarter of which were deemed critical or high severity. Yet the platform emphasizes that while technology is vital, the human element remains equally indispensable.
In an interview, HackerOne co-founder Michiel Prins noted that AI hackers operate at unmatched speeds, require no rest, and consistently outperform in terms of quantity. However, when it comes to quality—particularly in identifying logical flaws with real business implications—human participants still reign supreme. The most pivotal and destructive vulnerabilities continue to be discovered by people.
The boundary between human and machine, however, is growing increasingly blurred. According to Prins, many seasoned bug hunters have already integrated AI tools into their workflows, using them to gather signals, generate hypotheses, and accelerate analysis. He refers to such individuals as “bionic hackers”—humans augmented by algorithms.
The surge in productivity is felt across the board: researchers are identifying more vulnerabilities and receiving payouts, while companies are mitigating risks more swiftly. The average bounty today stands at $1,116—a 10% decrease from 2021’s peak of $1,246. Yet critical flaws can still command rewards in the tens of thousands.
Nonetheless, automation is not without its darker aspects. AI is increasingly being used not just to find bugs but also to generate vulnerability reports—some of which are misleading or entirely inaccurate. Some reported vulnerabilities are outright hallucinations of the model, while others are grossly exaggerated. Although the frequency of such false reports has diminished, the issue persists. The greatest current threat lies in emotionally dramatized submissions that inflate the severity of findings and violate the principle of verifiability.
An effective report, Prins insists, must focus on cold, verifiable facts: how the vulnerability functions, how it can be reproduced, and what business impact it poses. No theatrics, no hypotheticals. Here again, the human touch is crucial—to provide context before analysis and to filter results afterward. The human operator must bear responsibility for submitting the report: if a bug cannot be reliably reproduced, it has no place in the system.
Vulnerabilities involving business logic errors—those in which an unforeseen manipulation disrupts an entire operational process with cascading consequences—remain outside the reach of current AI capabilities. Prins emphasizes that such issues demand more than access to code or interfaces; they require a profound understanding of how systems function as a whole. This depth of comprehension still eludes machines—but time to maintain the lead is running out.