How do I generate my HackerOne API Token?

Log in to HackerOne, navigate to **Settings > API Token**, and click 'Create API Token'. Make sure to copy both the **Identifier** and the **Token Value** immediately.

Can I award bounties through this integration?

Yes! Use the `award_bounty` tool by providing the report ID and the amount. You can also specify an optional bonus amount for the researcher.

Does the integration support internal comments?

Yes, the `add_report_comment` tool has an optional `internal` boolean parameter (defaults to true). This allows you to communicate with your team privately on a specific report.

Can I filter reports by their handle or ID?

You can use `list_reports` to see all reports or `get_report` with a specific ID to retrieve detailed information for a single discovery.

HackerOne MCP Server for Pydantic AI 10 tools — connect in under 2 minutes

Name: HackerOne
Availability: InStock
Author: Vinkius

ai.pydantic.dev/mcp

Built by Vinkius GDPR 10 Tools SDK

Pydantic AI brings type-safe agent development to Python with first-class MCP support. Connect HackerOne through Vinkius and every tool is automatically validated against Pydantic schemas. catch errors at build time, not in production.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

python

import asyncio
from pydantic_ai import Agent
from pydantic_ai.mcp import MCPServerHTTP

async def main():
    # Your Vinkius token. get it at cloud.vinkius.com
    server = MCPServerHTTP(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")

    agent = Agent(
        model="openai:gpt-4o",
        mcp_servers=[server],
        system_prompt=(
            "You are an assistant with access to HackerOne "
            "(10 tools)."
        ),
    )

    result = await agent.run(
        "What tools are available in HackerOne?"
    )
    print(result.data)

asyncio.run(main())

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About HackerOne MCP Server

Connect your HackerOne organization account to any AI agent and take full control of your vulnerability management workflows through natural conversation.

Pydantic AI validates every HackerOne tool response against typed schemas, catching data inconsistencies at build time. Connect 10 tools through Vinkius and switch between OpenAI, Anthropic, or Gemini without changing your integration code. full type safety, structured output guarantees, and dependency injection for testable agents.

What you can do

Report Oversight — List all vulnerability reports, retrieve detailed information, and monitor their current state and severity.
Program Insights — Browse your bug bounty or VDP programs and access structured scopes and assets.
Report Interaction — Add comments to reports, change their triaged state, or award bounties directly from the chat.
Asset Tracking — Monitor the assets defined within your security programs and their reachability.
Financial Monitoring — Retrieve history of bounty payments and manage rewards efficiently.
Hacktivity Feed — Stay updated with the internal or public hacktivity feed to see recent discoveries.

The HackerOne MCP Server exposes 10 tools through the Vinkius. Connect it to Pydantic AI in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect HackerOne to Pydantic AI via MCP

Follow these steps to integrate the HackerOne MCP Server with Pydantic AI.

Install Pydantic AI

Run pip install pydantic-ai

Replace the token

Replace [YOUR_TOKEN_HERE] with your Vinkius token

Run the agent

Save to agent.py and run: python agent.py

Explore tools

The agent discovers 10 tools from HackerOne with type-safe schemas

Why Use Pydantic AI with the HackerOne MCP Server

Pydantic AI provides unique advantages when paired with HackerOne through the Model Context Protocol.

Full type safety: every MCP tool response is validated against Pydantic models, catching data inconsistencies before they reach your application

Model-agnostic architecture. switch between OpenAI, Anthropic, or Gemini without changing your HackerOne integration code

Structured output guarantee: Pydantic AI ensures tool results conform to defined schemas, eliminating runtime type errors

Dependency injection system cleanly separates your HackerOne connection logic from agent behavior for testable, maintainable code

HackerOne + Pydantic AI Use Cases

Practical scenarios where Pydantic AI combined with the HackerOne MCP Server delivers measurable value.

Type-safe data pipelines: query HackerOne with guaranteed response schemas, feeding validated data into downstream processing

API orchestration: chain multiple HackerOne tool calls with Pydantic validation at each step to ensure data integrity end-to-end

Production monitoring: build validated alert agents that query HackerOne and output structured, schema-compliant notifications

Testing and QA: use Pydantic AI's dependency injection to mock HackerOne responses and write comprehensive agent tests

HackerOne MCP Tools for Pydantic AI (10)

These 10 tools become available when you connect HackerOne to Pydantic AI via MCP:

add_report_comment

Add a comment to a specific vulnerability report

award_bounty

Award a bounty for a vulnerability report

change_report_state

Update the state of a vulnerability report (e.g., triaged, resolved)

get_program

Get details for a specific security program

get_report

Get detailed information about a specific vulnerability report

list_assets

List assets defined in your security programs

list_hacktivity

List the HackerOne hacktivity feed

list_payments

List bounty payments history

list_programs

List bug bounty or VDP programs you have access to

list_reports

List vulnerability reports submitted to your HackerOne program

Example Prompts for HackerOne in Pydantic AI

Ready-to-use prompts you can give your Pydantic AI agent to start working with HackerOne immediately.

"List all vulnerability reports submitted this week."

"Award a $500 bounty to report ID 12345."

"Change the state of report 12345 to 'Triaged'."

Troubleshooting HackerOne MCP Server with Pydantic AI

Common issues when connecting HackerOne to Pydantic AI through the Vinkius, and how to resolve them.

MCPServerHTTP not found

Update: pip install --upgrade pydantic-ai

HackerOne + Pydantic AI FAQ

Common questions about integrating HackerOne MCP Server with Pydantic AI.

How does Pydantic AI discover MCP tools?

Create an MCPServerHTTP instance with the server URL. Pydantic AI connects, discovers all tools, and generates typed Python interfaces automatically.

Does Pydantic AI validate MCP tool responses?

Yes. When you define result types as Pydantic models, every tool response is validated against the schema. Invalid data raises a clear error instead of silently corrupting your pipeline.

Can I switch LLM providers without changing MCP code?

Absolutely. Pydantic AI abstracts the model layer. your HackerOne MCP integration works identically with OpenAI, Anthropic, Google, or any supported provider.