HackerOne CEO Kara Sprague on How AI Is Reshaping Cybersecurity

Frontier AI models are reshaping the cyber threat landscape by automating code generation and exploit creation at unprecedented speed. As enterprises embed AI across applications, the attack surface widens, and AI‑generated code often lacks the hardening of human‑written software. This convergence has driven a dramatic compression in exploit timelines—what once took years now unfolds in hours or minutes—forcing security leaders to rethink risk assessments and prioritize rapid response mechanisms.

The operational fallout is evident: security teams are drowning in a surge of vulnerability reports, with HackerOne observing a 76% YoY increase among its Fortune 500 clientele. Traditional find‑to‑fix pipelines, riddled with handoffs between AppSec, DevOps, and SecOps, cannot keep pace. Companies are turning to agentic testing—AI‑driven tools that emulate adversary behavior—to surface critical flaws earlier, while AI‑assisted validation helps sift signal from noise. Integrated workflows that embed remediation directly into development cycles are emerging as a necessity, not a luxury, to shrink backlogs and close the exposure gap.

Human expertise remains indispensable despite AI’s advances. Nearly 90% of HackerOne’s researcher community now leverages frontier models to discover high‑volume issues, yet they focus their strategic effort on complex logic flaws and architectural weaknesses that AI alone cannot resolve. This shift elevates the market value of deep‑skill security talent and drives a premium on sophisticated vulnerability remediation. Organizations that fuse AI capabilities with skilled human oversight—and that treat vulnerability management as a time‑critical, context‑rich process—will gain a decisive edge in the evolving cyber risk arena.