How do I generate my HackerOne API Token?

Log in to HackerOne, navigate to **Settings > API Token**, and click 'Create API Token'. Make sure to copy both the **Identifier** and the **Token Value** immediately.

Can I award bounties through this integration?

Yes! Use the `award_bounty` tool by providing the report ID and the amount. You can also specify an optional bonus amount for the researcher.

Does the integration support internal comments?

Yes, the `add_report_comment` tool has an optional `internal` boolean parameter (defaults to true). This allows you to communicate with your team privately on a specific report.

Can I filter reports by their handle or ID?

You can use `list_reports` to see all reports or `get_report` with a specific ID to retrieve detailed information for a single discovery.

HackerOne MCP Server

Name: HackerOne
Availability: InStock
Author: Vinkius

hackerone.com

Built by Vinkius GDPR ToolsFree

Automate bug bounty management via HackerOne — manage reports, programs, and payments directly from any AI agent.

Vinkius AI Gateway supports streamable HTTP and SSE.

Works with every AI agent you already use

…and any MCP-compatible client

HackerOne MCP Server: see your AI Agent in action

AI Agent→Vinkius→HackerOne

You

Vinkius AI Gateway

GDPR·High Security·Kill Switch·Ultra-Low Latency·Plug and Play

Built-in capabilities (10)

add_report_comment

Add a comment to a specific vulnerability report

award_bounty

Award a bounty for a vulnerability report

change_report_state

Update the state of a vulnerability report (e.g., triaged, resolved)

get_program

Get details for a specific security program

get_report

Get detailed information about a specific vulnerability report

list_assets

List assets defined in your security programs

list_hacktivity

List the HackerOne hacktivity feed

list_payments

List bounty payments history

list_programs

List bug bounty or VDP programs you have access to

list_reports

List vulnerability reports submitted to your HackerOne program

What this connector unlocks

Connect your HackerOne organization account to any AI agent and take full control of your vulnerability management workflows through natural conversation.

What you can do

Report Oversight — List all vulnerability reports, retrieve detailed information, and monitor their current state and severity.
Program Insights — Browse your bug bounty or VDP programs and access structured scopes and assets.
Report Interaction — Add comments to reports, change their triaged state, or award bounties directly from the chat.
Asset Tracking — Monitor the assets defined within your security programs and their reachability.
Financial Monitoring — Retrieve history of bounty payments and manage rewards efficiently.
Hacktivity Feed — Stay updated with the internal or public hacktivity feed to see recent discoveries.

How it works

1. Subscribe to this server
2. Enter your HackerOne API Token Identifier and Token Value
3. Start managing your security programs from Claude, Cursor, or any MCP-compatible client

No more jumping between report tabs. Your AI assistant acts as a dedicated Triage Engineer or Security Program Manager.

Who is this for?

Security Engineers — instantly retrieve report details and severity ratings during triage.
Bug Bounty Managers — automate the process of awarding bounties and communicating with researchers.
CISOs — maintain a real-time overview of incoming vulnerabilities and program health.

Frequently asked questions

Give your AI agents the power of HackerOne

Access HackerOne and 2,000+ MCP servers — ready for your agents to use, right now. No glue code. No custom integrations. Just plug Vinkius AI Gateway and let your agents work.

DETAILS

CategoryFort Knox

OFAC Sanctions Service

10 tools

Access authoritative sanctions data via OFAC SLS — track SDN lists, entities, and version history directly from your AI agent.

CyberArk Privilege Cloud

10 tools

Manage privileged access via CyberArk — audit secure safes, checkout vaulted account passwords, monitor users, and terminate sessions directly from any AI agent.

CockroachDB Cloud

8 tools

Manage distributed SQL clusters via CockroachDB Cloud — track clusters, monitor nodes, and audit network allowlists directly from any AI agent.

Descript

8 tools

Equip your AI agent with direct access to Descript — manage projects, export transcripts, and retrieve media assets without opening the video editor.

ECB Exchange Rates — Official EUR Reference Rates

3 tools

Official ECB reference exchange rates: EUR against 40+ currencies updated daily at 16:00 CET. Get single pair rates, multi-currency comparisons, and the latest snapshot of all published rates — daily, monthly, or annual frequency.

Kargo

10 tools

Automate logistics and loading dock operations via Kargo — track shipments and sync data directly from your AI agent.