Updated:
HackerOne
HackerOne operates as a cybersecurity services firm, not a traditional asset manager.
HackerOne
HackerOne operates as a cybersecurity services firm, not a traditional asset manager. Founded in 2012, the company was built around a marketplace that connects organizations with over 700,000 registered security researchers. The firm's revenue model is based on platform subscriptions, professional services like penetration testing, and per-vulnerability bounties paid to ethical hackers. The strategy covers several distinct offerings: bug bounty programs, vulnerability disclosure programs, pentesting as a service, AI red teaming, and code review. HackerOne's platform ingests findings, uses an AI agent called Hai to triage and validate reports, and presents prioritized risk data to customers. Named clients include Snap Inc., Shopify, and the US federal government. Geographically, the firm serves North America, Europe, and Asia-Pacific markets. Team size is undisclosed. HackerOne maintains a single headquarters in San Francisco with no additional offices listed publicly. The firm has raised over $160M in venture capital from firms including Benchmark, New Enterprise Associates, and Dragoneer Investment Group. In 2024, the company launched Hai, an AI co-pilot for security teams, signaling a pivot toward agentic automation in vulnerability management. HackerOne's structural differentiator is its crowdsourced-researcher community — a distributed workforce of ethical hackers who compete to find flaws, combined with machine learning that filters signal from noise. This dual model lets it offer continuous testing at a scale no single pentesting firm can match, while the AI layer reduces triage time from twenty minutes to five.
General information
Firm type
other
Year founded
—
AUM
Undisclosed
Location
Region
North America
Country
United States
City
San Francisco
Corporate office
San Francisco, CA, United States
Principals
Mårten Mickos
CEO
Sector focus
Frequently asked questions
Who makes investment and strategy decisions at HackerOne?
CEO Mårten Mickos leads the company. Strategic decisions are guided by a board of directors that includes investors from Benchmark, New Enterprise Associates, and Dragoneer Investment Group (per public venture capital records). The firm does not disclose an investment committee structure typical of family offices.
How does HackerOne source its security research talent?
HackerOne maintains a community of over 700,000 registered ethical hackers who voluntarily sign up on the platform. Researchers compete in bug bounty programs, earning bounties per valid vulnerability. The firm does not employ these researchers directly; they operate as independent contractors globally.
Is HackerOne structured as a family office or a venture-backed startup?
HackerOne is a venture-capital-backed cybersecurity company, not a family office. It has raised over $160M from institutional venture firms and operates as a Delaware C-corporation. No single family or dynasty controls its capital.
What investment stages does HackerOne target in its own operations?
HackerOne does not deploy capital into external businesses. It sells technology and services — subscription software, bug bounty payouts, and pentesting engagements — directly to enterprise and government customers.
Which sectors does HackerOne explicitly avoid?
The firm does not publish a negative screening policy. However, its ethical hacking community operates under a code of conduct that forbids testing without authorization; HackerOne itself serves customers across regulated industries including defense, finance, and healthcare.
How does HackerOne relate to its venture capital investors?
HackerOne raised Series A through D rounds from Benchmark, New Enterprise Associates, Dragoneer Investment Group, and others (per public funding announcements). These investors hold board seats and equity, but the firm operates as an independent, founder-led company.
Does HackerOne maintain philanthropic structures?
HackerOne does not publicly disclose a foundation or charitable arm. The firm's stated mission is to 'help build a safer internet' through its commercial platform, which includes free vulnerability disclosure programs for eligible open-source projects.
Profile maintained by Altss using OSINT (open-source intelligence), regulatory filings, licensed data partners, and verified direct submissions. Read the methodology. Last updated: . Continuous refresh with full update cycles at least every 30 days.
Need institutional-grade insight on family offices?
Altss delivers:
Prefer a guided tour?
We’ll walk you through: