HackerOne & Wiz link validated findings to cloud risk

HackerOne has integrated its vulnerability findings with Wiz's cloud and AI security platform, linking validated security reports with cloud environment data.

The integration is designed to help security teams decide which flaws to fix first by combining evidence of exploitability with information about affected systems. It brings HackerOne findings into Wiz so teams can see how reported weaknesses map to infrastructure, identities and data.

The announcement comes as cybersecurity teams contend with a growing volume of findings and a slower pace of remediation. Vulnerability submissions on HackerOne's platform rose 76% year on year in March, while resolution rates fell from 73% to 27% over the past year.

According to HackerOne, that gap has contributed to a backlog of unresolved issues. The rise of advanced AI models is also shifting the balance between discovery and remediation, with more vulnerabilities identified in less time.

How it works

The integration connects findings from bug bounty, vulnerability disclosure, pentesting and AI red teaming programmes with Wiz's Security Graph and attack surface management tools. By placing those findings in the context of a cloud estate, security teams can assess the likely impact of a weakness rather than treating each finding in isolation.

In practice, teams can examine what the companies describe as the "blast radius" of exploitable vulnerabilities across cloud environments. They can also prioritise issues backed by evidence of real-world exploitability, connect security and cloud workflows, and move validated risks into remediation instead of leaving them in a queue.

Wiz, now part of Google Cloud, has expanded its role in cloud security by giving customers a broad view of assets, relationships and exposures across their environments. HackerOne is best known for its platform that connects organisations with security researchers, but it has also broadened its focus to include cloud and AI systems.

The tie-up reflects a wider trend in the security market towards bringing together different sources of risk data. Many companies already have tools to detect misconfigurations, exposed assets and software weaknesses, but often struggle to determine which findings are most likely to be used in an attack.

Backlog pressure

The figures cited by HackerOne illustrate the problem starkly. A rise in submissions can improve visibility into weaknesses, but it can also overwhelm internal teams if triage and remediation do not keep pace.

For cloud-focused organisations, the issue is particularly acute because vulnerabilities often sit alongside identity risks, misconfigurations and exposed data. A flaw that appears limited in one context can become more serious when linked to a privileged account, a publicly reachable workload or sensitive information.

Oron Noah, VP Product, Extensibility & Partnerships at Wiz, said context determines whether findings lead to action. "Context is what turns security findings into meaningful action," Noah said. "Through our partnership with HackerOne, customers can bring validated exploitability into the broader context of their cloud environments. The integration helps teams focus on the biggest risks so they can prioritize remediation with greater clarity and confidence."

HackerOne said the integration sits within its PartnerOne Technology Alliance Program, which brings together external tools around the company's broader approach to exposure management. The aim is to shorten the path from identifying a problem to fixing it.

John Addeo, VP of Global Channels at HackerOne, said interoperability is central to that effort. "PartnerOne is built around a simple idea: customers get stronger security outcomes when the tools they rely on work better together," Addeo said. "Our partnership with Wiz reflects that mission by bringing validated risk into the cloud security workflows teams already use. Together, we're helping teams close the gap between discovery and remediation by moving from reactive vulnerability management to proactive exposure reduction."

The integration is available now.