HackerOne Pays Out $81 Million in Bounties in a Year

03.10.2025 2 minutes Author: Newsman

The HackerOne platform said it paid out $81 million in bounties to ethical hackers worldwide over the past 12 months, up 13% from the previous year and demonstrating the rapid growth of the responsible vulnerability disclosure market.

HackerOne manages more than 1,950 bug bounty programs and works with companies such as Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber and even the US Department of Defense.

  • During that period, the average annual income of a participant in active programs was $42,000, and the top 100 programs paid out a total of $51 million. The most successful researchers consistently earn six-figure sums per year. The ten largest programs alone provided bounties of $21.6 million.

  • The growth in the number of findings is associated with the rapid development of AI. The number of AI vulnerabilities has increased by 200%, and prompt injection by 540%. At the same time, classic problems such as XSS and SQLi are declining, while IDOR and access control errors are becoming more common.

In 2025, 1,121 programs on HackerOne included AI vulnerabilities in their scope, which is 270% more than last year. More than 560 valid reports even came from autonomous AI agents. According to the company, 70% of researchers are already integrating AI tools into their workflow, creating a new wave of so-called “bionic hackers”. This allows them to detect problems on a scale that was previously impossible to achieve.

HackerOne remains a key player in the bug bounty industry, showing that cybersecurity is increasingly becoming a partnership between business and researchers. Record payouts and the growing role of AI show that the vulnerability industry is becoming an important element of global digital security.
