Integrate HackerOne with Claude, Cursor, Chatbots & AI Agents MCP Server

Q: How do I generate my HackerOne API Token?

Log in to HackerOne, navigate to Settings > API Token, and click 'Create API Token'. Make sure to copy both the Identifier and the Token Value immediately.

Automate bug bounty management via HackerOne — manage reports, programs, and payments directly from any AI agent.

GDPR Free for Subscribers

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

add

Add report comment on HackerOne

Add a comment to a specific vulnerability report

award

Award bounty on HackerOne

Award a bounty for a vulnerability report

change

Change report state on HackerOne

Update the state of a vulnerability report (e.g., triaged, resolved)

get

Get program on HackerOne

Get details for a specific security program

get

Get report on HackerOne

Get detailed information about a specific vulnerability report

list

List assets on HackerOne

List assets defined in your security programs

list

List hacktivity on HackerOne

List the HackerOne hacktivity feed

list

List payments on HackerOne

List bounty payments history

list

List programs on HackerOne

List bug bounty or VDP programs you have access to

list

List reports on HackerOne

List vulnerability reports submitted to your HackerOne program

Security & Code Integrity Audit

Every tool in the HackerOne MCP Server is continuously audited by the Vinkius Security Engine. We guarantee zero-trust payload isolation, strict data boundaries, and deterministic execution for enterprise-grade AI agents.

A+Score: 100

How Vinkius protects your data

Is there a risk of the AI "going crazy" and deleting important company data?

No. With Vinkius, the AI operates on "rails". It can only make the exact moves you authorized in the tool's settings. It cannot invent routes, access other networks in your company, or decide to delete random files. If the action isn't in the approved catalog, the attempt is blocked instantly.

Can I audit what my AI agents are doing with this integration?

Yes, Vinkius provides an immutable, HMAC-chained audit log. Every tool execution, payload, and response is tracked in real-time on your dashboard, giving you complete visibility into your agent's actions.

What if the AI ends up reading customer data or confidential information?

We have a built-in digital "bodyguard" called DLP (Data Loss Prevention). If a tool fetches data and the response contains social security numbers, credit cards, or personal customer info, Vinkius magically blocks and erases that information before it is delivered to the AI. The AI works only with what is strictly necessary, and your sensitive data never leaks.

How do I generate my HackerOne API Token?

Log in to HackerOne, navigate to Settings > API Token, and click 'Create API Token'. Make sure to copy both the Identifier and the Token Value immediately.

What can AI Agents do with HackerOne?

Enable conversational interfaces like ChatGPT and Claude to execute programmatic commands against the HackerOne infrastructure.

Streamlining bug bounty

Connect HackerOne to your AI agents (Claude, ChatGPT, Cursor) to manage bug bounty operations. The MCP server processes the underlying API requests and schema formatting for the fort knox domain.

AI Semantic Routing for vulnerability management

The HackerOne MCP integration translates natural language prompts into structured vulnerability management queries. This allows agents to fetch and update fort knox records securely.