Hacker-Powered Security Report 2025
Now in its 9th year, the report benchmarks how enterprises are confronting AI risk, closing exposure gaps, and adapting to faster, more persistent attackers.
Built on 580,000+ validated vulnerabilities, $81M in payouts this year, and insights from 1,950 enterprise programs, this year’s report highlights how organisations are reducing risk and providing security outcomes.
Key Insights for 2025:
- AI is now the attack surface
210% surge in valid AI vulnerabilities
Prompt injection up 540% - fastest-growing attack vector - Security outcomes you can prove
$3B in breach losses avoided
15x return on mitigation across HackerOne programmes - What CISOs are seeing
72% report increased concern over AI risk
270% growth in programmes with AI in scope - Why human security researchers still matter
58% say AI misses business logic & chained exploits
Only 12% believe AI could replace human researchers - Data that drives resilience
$81M in bounties paid in 2025
Insights from 1,950 enterprise programmes
580,000+ valid vulnerabilities logged to date
