
HackerOne has announced the launch of Agentic Prompt Injection Testing, a new capability aimed at identifying whether AI systems can be exploited under real-world adversarial conditions. The release reflects growing concern across the industry as prompt injection vulnerabilities continue to rise sharply.
Data from the HackerOne platform shows a 540 percent year-over-year increase in validated prompt injection vulnerabilities. The spike highlights how quickly this category of AI risk is evolving, particularly as enterprises expand the role of large language models in production environments.
Prompt injection attacks manipulate inputs to influence how AI systems behave. In modern enterprise architectures, these systems are often connected to sensitive data sources, retrieval pipelines, and external tools. As a result, a single successful injection can lead to unintended actions, exposure of restricted information, or misuse of integrated systems.
Many current AI security approaches rely on filtering or blocking suspicious inputs at the model boundary. However, those controls do not fully address how systems behave when attacks succeed. Security teams are increasingly focused on whether AI applications can withstand adversarial conditions once deployed in real-world environments.
HackerOne’s new testing capability is designed to answer that question directly. Agentic Prompt Injection Testing executes structured, multi-turn adversarial scenarios against live AI applications. It evaluates whether prompt injection attempts can lead to actual data exposure or improper tool execution across interconnected systems.
The approach emphasizes end-to-end validation rather than theoretical risk. It also examines indirect attack paths, including those that move through retrieval systems or tool workflows, which are often more difficult to detect but can have significant impact.
HackerOne developed the capability based on its work securing AI systems for organizations including Anthropic, IBM, Snap, Adobe, and eBay.
“Prompt injection has quickly become a severe risk to deployed AI systems because it can transform a trusted application into an attack surface,” said Nidhi Aggarwal, Chief Product Officer at HackerOne. “Security teams can’t rely on static controls or runtime filters alone. They need validated proof of whether an AI system can be exploited once it’s connected to real data and tools. Agentic Prompt Injection Testing delivers that evidence, enabling organizations to identify confirmed exposure and reduce risk before it impacts the business.”
“AI is advancing at an unprecedented pace, and security must keep up,” said Omar Santos, Distinguished Engineer, AI Security at Cisco and Project Governing Board Co-Chair of the Coalition for Secure AI (CoSAI). “The future leading organizations will be defined not just by AI innovation, but by how well they secure it. Rigorous validation under adversarial conditions is becoming fundamental to building trustworthy AI systems and raising the bar for the industry.”
The new capability is available as part of HackerOne’s AI red teaming and LLM application pentesting services. It expands the company’s broader focus on continuous exposure validation by bringing scalable adversarial testing into production AI environments.
As organizations continue to integrate AI into critical workflows, the ability to validate security under real-world conditions is becoming a core requirement rather than an optional safeguard.