HackerOne links validated flaws to Wiz cloud platform

HackerOne has integrated its security findings with the Wiz cloud security platform, bringing HackerOne data into Wiz, part of Google Cloud.

The integration targets security teams facing a growing volume of vulnerability reports and a declining remediation rate. HackerOne said submissions on its platform rose 76% year on year in March, while resolution rates fell from 73% to 27% over the past year.

Under the arrangement, validated vulnerabilities from HackerOne programmes including bug bounty, vulnerability disclosure, pentesting and AI red teaming are mapped to the affected cloud environments inside Wiz. This is intended to give users a clearer view of risk across infrastructure, identities and data.

As cloud estates expand and AI systems create new attack surfaces, security teams are under pressure to decide which flaws need immediate attention. The integration is designed to show which findings are supported by evidence of real exploitability rather than theoretical risk.

It also links HackerOne findings with Wiz's Security Graph and Attack Surface Management tools, allowing users to trace a vulnerability's potential impact across related assets in a cloud environment.

Backlog pressure

The launch comes amid broader strain on security operations teams, which are processing more reports than they can quickly resolve. HackerOne linked part of that trend to the rise of advanced AI models, which it said are accelerating vulnerability discovery while remediation struggles to keep pace.

For companies running large cloud environments, that mismatch can create a backlog of unresolved findings, ranging from minor issues to severe weaknesses. By combining exploit evidence with cloud context, the integration aims to help teams focus limited remediation resources where they matter most.

"Context is what turns security findings into meaningful action," said Oron Noah, VP Product, Extensibility & Partnerships at Wiz.

"Through our partnership with HackerOne, customers can bring validated exploitability into the broader context of their cloud environments. The integration helps teams focus on the biggest risks so they can prioritise remediation with greater clarity and confidence."

HackerOne said the link is part of its PartnerOne Technology Alliance Program, which brings together integrations with other security and technology vendors. It described the effort as a way to connect discovery, validation, prioritisation and remediation in a single workflow.

Workflow link

For customers, the practical use case is to move a confirmed vulnerability from discovery into the systems where cloud security teams already investigate and manage exposure. Rather than handling bug bounty or disclosure findings in isolation, teams can view them alongside cloud assets and identity relationships.

That can help security staff assess what the company described as the blast radius of a flaw, or the extent of systems and data that may be affected if a weakness is exploited. It also gives cloud and security teams a shared view in the same platform.

John Addeo, VP of Global Channels at HackerOne, said the broader goal was to improve interoperability between security products used by the same customers.

"PartnerOne is built around a simple idea: customers get stronger security outcomes when the tools they rely on work better together. Our partnership with Wiz reflects that mission by bringing validated risk into the cloud security workflows teams already use. Together, we're helping teams close the gap between discovery and remediation by moving from reactive vulnerability management to proactive exposure reduction."

The announcement reflects a broader trend in cyber security towards prioritisation tools that aim to reduce alert volumes and direct staff to the most pressing issues. As organisations add more cloud services and AI-related systems, the number of potential findings has risen sharply, increasing demand for tools that link technical flaws to business risk.

For HackerOne, the integration extends the reach of findings from its testing and disclosure programmes into operational cloud security processes. For Wiz, it adds a source of externally validated vulnerability intelligence to the information it already gathers from cloud configurations, identities and exposed assets.

The companies said the result is intended to ensure validated risks move from discovery to resolution rather than remaining in a growing backlog of open findings.