HackerOne, a leading bug bounty platform, has paid out an unprecedented $81 million in rewards to white-hat hackers worldwide over the past 12 months. This figure represents a 13% increase from the previous year and marks a significant milestone for the company. The growth in bug bounty programs and payouts highlights the increasing importance of cybersecurity and the growing demand for skilled white-hat hackers.
HackerOne paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months, a 13% increase from the previous year.
The top 100 bug bounty programs on HackerOne's platform paid out $51 million between July 1, 2024, and June 30, 2025.
The number of AI vulnerabilities has increased by more than 200%, with prompt injection vulnerabilities surging by 540%.
Security issues like XSS and SQLi are in decline, while authorization flaws are on the rise.
70% of over 1,820 researchers surveyed have used AI tools to enhance their hunting abilities.
The demand for skilled white-hat hackers is growing due to the increasing importance of cybersecurity.
HackerOne, a leading bug bounty platform, has announced that it paid out an unprecedented $81 million in rewards to white-hat hackers worldwide over the past 12 months. This figure represents a 13% increase from the previous year and marks a significant milestone for the company, which manages over 1,950 bug bounty programs across various industries.
The top 100 bug bounty programs on HackerOne's platform have paid out $51 million between July 1, 2024, and June 30, 2025. This includes notable companies such as Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and government agencies like the U.S. Department of Defense.
"In the past 12 months, HackerOne bug bounty programs collectively paid out $81 million, an increase of 13% YoY," said HackerOne in a statement. "The top 10 programs alone accounted for $21.6 million." At the researcher level, the top 100 all-time earners took a total of $31.8M, with individual researchers now consistently surpassing six-figure annual earnings.
HackerOne noted that the number of AI vulnerabilities has increased by more than 200%, with prompt injection vulnerabilities surging by a staggering 540%. This confirms prompt injection as the fastest-growing threat in AI security.
At the same time, security issues such as XSS (cross-site scripting) and SQLi (SQL injection) are in decline. Instead, authorization flaws, including improper access control and IDOR (insecure direct object reference), are experiencing a significant increase in reports.
In total, 1,121 bug bounty programs on HackerOne included AI in scope in 2025, a 270% increase YoY, with autonomous AI-powered agents submitting 560+ valid reports. The company added that 70% of over 1,820 researchers surveyed over the last year have used AI tools in their workflow "to enhance their hunting abilities."
"AI vulnerabilities increased by more than 200% this year, while enterprises expanded AI security initiatives at nearly three times last year's pace," said Kara Sprague, HackerOne CEO. "At the same time, a new generation of 'bionic hackers'—security researchers using AI to enhance their hunting abilities—are driving the discovery of security issues at unprecedented scale."
The growth in bug bounty programs and payouts highlights the increasing importance of cybersecurity and the growing demand for skilled white-hat hackers.