HackerOne MCP Server
Automate bug bounty management via HackerOne — manage reports, programs, and payments directly from any AI agent.
Ask AI about this MCP Server
Vinkius supports streamable HTTP and SSE.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
What is the HackerOne MCP Server?
The HackerOne MCP Server gives AI agents like Claude, ChatGPT, and Cursor direct access to HackerOne via 10 tools. Automate bug bounty management via HackerOne — manage reports, programs, and payments directly from any AI agent. Powered by the Vinkius - no API keys, no infrastructure, connect in under 2 minutes.
Built-in capabilities (10)
Tools for your AI Agents to operate HackerOne
Ask your AI agent "List all vulnerability reports submitted this week." and get the answer without opening a single dashboard. With 10 tools connected to real HackerOne data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.
Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by the Vinkius - your credentials never touch the AI model, every request is auditable. Connect in under two minutes.
Why teams choose Vinkius
One subscription gives you access to thousands of MCP servers - and you can deploy your own to the Vinkius Edge. Your AI agents only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure and security, zero maintenance.
Build your own MCP Server with our secure development framework →Vinkius works with every AI agent you already use
…and any MCP-compatible client
HackerOne MCP Server capabilities
10 toolsAdd a comment to a specific vulnerability report
Award a bounty for a vulnerability report
Update the state of a vulnerability report (e.g., triaged, resolved)
Get details for a specific security program
Get detailed information about a specific vulnerability report
List assets defined in your security programs
List the HackerOne hacktivity feed
List bounty payments history
List bug bounty or VDP programs you have access to
List vulnerability reports submitted to your HackerOne program
What the HackerOne MCP Server unlocks
Connect your HackerOne organization account to any AI agent and take full control of your vulnerability management workflows through natural conversation.
What you can do
- Report Oversight — List all vulnerability reports, retrieve detailed information, and monitor their current state and severity.
- Program Insights — Browse your bug bounty or VDP programs and access structured scopes and assets.
- Report Interaction — Add comments to reports, change their triaged state, or award bounties directly from the chat.
- Asset Tracking — Monitor the assets defined within your security programs and their reachability.
- Financial Monitoring — Retrieve history of bounty payments and manage rewards efficiently.
- Hacktivity Feed — Stay updated with the internal or public hacktivity feed to see recent discoveries.
How it works
1. Subscribe to this server
2. Enter your HackerOne API Token Identifier and Token Value
3. Start managing your security programs from Claude, Cursor, or any MCP-compatible client
No more jumping between report tabs. Your AI assistant acts as a dedicated Triage Engineer or Security Program Manager.
Who is this for?
- Security Engineers — instantly retrieve report details and severity ratings during triage.
- Bug Bounty Managers — automate the process of awarding bounties and communicating with researchers.
- CISOs — maintain a real-time overview of incoming vulnerabilities and program health.
Frequently asked questions about the HackerOne MCP Server
How do I generate my HackerOne API Token?
Log in to HackerOne, navigate to Settings > API Token, and click 'Create API Token'. Make sure to copy both the Identifier and the Token Value immediately.
Can I award bounties through this integration?
Yes! Use the award_bounty tool by providing the report ID and the amount. You can also specify an optional bonus amount for the researcher.
Does the integration support internal comments?
Yes, the add_report_comment tool has an optional internal boolean parameter (defaults to true). This allows you to communicate with your team privately on a specific report.
Can I filter reports by their handle or ID?
You can use list_reports to see all reports or get_report with a specific ID to retrieve detailed information for a single discovery.
More in this category
Cleared (ClearedIn)
8 toolsManage identity verification and background screening via Cleared — track verifications, monitor screenings, and audit security logs directly from any AI agent.
Amazon S3
10 toolsCloud object storage orchestration — manage buckets, objects, and metadata via AI.
Censys
9 toolsSearch internet-connected hosts, SSL certificates and attack surface — discover exposed services and vulnerabilities.
You might also like
X Ads (Twitter)
8 toolsManage your X Ads campaigns — audit accounts, line items, and analytics via AI.
Dixa
10 toolsEquip your AI agent to manage customer conversations, track agents, and monitor support queues via the Dixa API.
Fortnite Cosmetics & Item Shop
8 toolsThe definitive server for Fortnite cosmetics — track daily shop rotations, leaked skins, and rarity via AI.
Connect HackerOne with your favorite client
Step-by-step setup guides for every MCP-compatible client and framework:
Anthropic's native desktop app for Claude with built-in MCP support.
AI-first code editor with integrated LLM-powered coding assistance.
GitHub Copilot in VS Code with Agent mode and MCP support.
Purpose-built IDE for agentic AI coding workflows.
Autonomous AI coding agent that runs inside VS Code.
Anthropic's agentic CLI for terminal-first development.
Python SDK for building production-grade OpenAI agent workflows.
Google's framework for building production AI agents.
Type-safe agent development for Python with first-class MCP support.
TypeScript toolkit for building AI-powered web applications.
TypeScript-native agent framework for modern web stacks.
Python framework for orchestrating collaborative AI agent crews.
Leading Python framework for composable LLM applications.
Data-aware AI agent framework for structured and unstructured sources.
Microsoft's framework for multi-agent collaborative conversations.
Give your AI agents the power of HackerOne MCP Server
Production-grade HackerOne MCP Server. Verified, monitored, and maintained by Vinkius. Ready for your AI agents — connect and start using immediately.