HackerOne

HackerOne MCP Connector for Claude

A+

Automate bug bounty management via HackerOne — manage reports, programs, and payments directly from any AI agent.

10 tools Official Updated Jun 28, 2026 Official Vinkius Partner

Connect your HackerOne organization account to any AI agent and take full control of your vulnerability management workflows through natural conversation.

What you can do

  • Report Oversight — List all vulnerability reports, retrieve detailed information, and monitor their current state and severity.
  • Program Insights — Browse your bug bounty or VDP programs and access structured scopes and assets.
  • Report Interaction — Add comments to reports, change their triaged state, or award bounties directly from the chat.
  • Asset Tracking — Monitor the assets defined within your security programs and their reachability.
  • Financial Monitoring — Retrieve history of bounty payments and manage rewards efficiently.
  • Hacktivity Feed — Stay updated with the internal or public hacktivity feed to see recent discoveries.

How it works

  1. Subscribe to this server
  2. Enter your HackerOne API Token Identifier and Token Value
  3. Start managing your security programs from Claude, Cursor, or any MCP-compatible client

No more jumping between report tabs. Your AI assistant acts as a dedicated Triage Engineer or Security Program Manager.

Who is this for?

  • Security Engineers — instantly retrieve report details and severity ratings during triage.
  • Bug Bounty Managers — automate the process of awarding bounties and communicating with researchers.
  • CISOs — maintain a real-time overview of incoming vulnerabilities and program health.
bug-bountyvulnerability-managementsecurity-researchpenetration-testingincident-response

10 tools expose this connector's capabilities to your AI agent.

add_report_comment

Add a comment to a specific vulnerability report

award_bounty

Award a bounty for a vulnerability report

change_report_state

Update the state of a vulnerability report (e.g., triaged, resolved)

get_program

Get details for a specific security program

get_report

Get detailed information about a specific vulnerability report

list_assets

List assets defined in your security programs

list_hacktivity

List the HackerOne hacktivity feed

list_payments

List bounty payments history

list_programs

List bug bounty or VDP programs you have access to

list_reports

List vulnerability reports submitted to your HackerOne program

See how to talk to your AI agent using HackerOne.

List all vulnerability reports submitted this week.

I've retrieved your reports. You have 5 new submissions this week, including 'SQL Injection in /api/v1/users' (High) and 'BOLA in account settings' (Medium). Would you like to see the details for the High severity report?

Award a $500 bounty to report ID 12345.

Bounty awarded! I've successfully processed a $500 reward for report 12345. The researcher has been notified. Should I add a comment to the report as well?

Change the state of report 12345 to 'Triaged'.

State updated! Report 12345 is now marked as 'Triaged'. I've also added an internal note for the security team. What's the next step for this report?

Log in to HackerOne, navigate to **Settings > API Token**, and click 'Create API Token'. Make sure to copy both the **Identifier** and the **Token Value** immediately.

Related Connectors