How to Use the HackerOne MCP in LangChain

Q: Can LangChain handle complex HackerOne triage workflows?

Yes. You build chains that sequence multiple tools like getreport and changereportstate to match your internal security team's specific requirements.

Build multi-step bug bounty pipelines in LangChain by connecting your agent to real-time HackerOne report data.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect HackerOne MCP to LangChain

Create your Vinkius account to connect HackerOne to LangChain and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup HackerOne with LangChain

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Chain report triage and resolution

Your agent pulls fresh vulnerabilities using `list_reports` and feeds the data into your custom logic. It decides if a report needs more info or is ready for a state change. Use `add_report_comment` to bridge the gap between your pipeline and the researcher. You track every step via LangSmith to ensure the agent logic follows your defined security policy.

Automate bounty payouts through LangChain

You define a chain that checks payment history with `list_payments` before triggering a payout. This prevents duplicate awards and keeps your budget in check. Once the criteria are met, the agent invokes `award_bounty` to close the loop. It’s a direct, code-driven way to handle financial workflows without leaving your IDE.

Query program assets and metadata

The agent fetches program scopes using `list_assets` to verify if a report falls within the target range. It uses `get_program` to pull specific rules for that engagement. This keeps your agent informed about current program constraints. By indexing these details, your chain avoids wasting cycles on out-of-scope submissions.

Setup guide

Set up HackerOne MCP in LangChain

Prerequisites

Python 3.10+ installed
langchain-mcp-adapters + langgraph packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run pip install langchain-mcp-adapters langgraph langchain-openai. The MCP adapters package converts MCP tools into native LangChain BaseTool objects.
2

Connect via HTTP transport
Use MultiServerMCPClient with "transport": "http" pointing to your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Create a ReAct agent
Pass the discovered tools to create_react_agent() from LangGraph. The agent automatically routes HackerOne tool calls through the MCP protocol.
4

Run with any LLM
Swap ChatOpenAI for ChatAnthropic, ChatGoogleGenerativeAI, or any LangChain-compatible model. The MCP tools work identically across all providers.

agent.py

from langchain_mcp_adapters.client import MultiServerMCPClient
from langgraph.prebuilt import create_react_agent
from langchain_openai import ChatOpenAI

async with MultiServerMCPClient({
    "hackerone-mcp": {
        "transport": "http",
        "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
    }
}) as client:
    tools = client.get_tools()

    agent = create_react_agent(
        ChatOpenAI(model="gpt-4o"),
        tools,
    )
    result = await agent.ainvoke({
        "messages": "List recent HackerOne transactions"
    })
    print(result["messages"][-1].content)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HackerOne. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HackerOne now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HackerOne MCP in LangChain

Install the required adapters and initialize the MCP client with your endpoint. Pass the tools directly into your agent constructor to start executing commands.

Yes. You build chains that sequence multiple tools like `get_report` and `change_report_state` to match your internal security team's specific requirements.

Your data remains local to your execution environment. The server uses an ephemeral sandbox, and you only share the specific tokens required for the API connection.

Every tool call is fully observable. You get detailed logs of inputs and outputs for every interaction between the agent and the API.

The server returns a standard error code that your chain catches. You can then program a retry or a pause in your LangChain workflow.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python