Beyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOne

See proven, exploitable risk in the context of your full cloud environment

Security programs generate findings from many sources, including automated scanners, cloud security tools, penetration tests, and bug bounty programs. Too often these findings live in silos, disconnected from the environments they impact. Teams are left asking: What cloud infrastructure sits behind that exploitable endpoint? What sensitive data could an attacker pivot to? How far could an adversary go in exploitation?

Without that context, teams are left guessing which risks to prioritize, and exploitable risk remains exposed. As the threat landscape evolves at AI speed, security programs must be designed to be resilient and dynamic, continuously connecting, contextualizing, and prioritizing risk across the environment.

Today, we're excited to announce our integration between HackerOne and Wiz. HackerOne findings now appear directly in Wiz, bringing together proven exploitability and cloud context on the Wiz Security Graph.

Security leaders don’t just need more findings. They need confidence in what’s actually exploitable and where it leads. By combining HackerOne’s continuous testing with Wiz’s deep cloud visibility, organizations can turn visibility into a defensive advantage, testing their attack surface the way real attackers would before adversaries can exploit it, and enabling defenders to stay ahead of evolving threats.

Nidhi Aggarwal, Chief Product Officer at HackerOne

Extending the Pen Test to the Full Blast Radius

Pen tests and bug bounty programs are scoped by design: researchers focus on specific targets, applications, and attack scenarios. But the impact of what they find doesn't stop at the scope boundary. A privilege escalation finding in one application could have implications across the broader cloud environment, and teams need to connect those dots to see the full picture.

By bringing these findings into Wiz, that view into impact is extended. Here's how the integration helps security teams move from isolated reports to actionable, contextual risk:

  • Proven exploitable vulnerabilities, enriched with cloud context: Pen test and bug bounty findings flow into Wiz as Attack Surface findings, each carrying severity, proof of concept, and remediation guidance.

  • Extended attack surface visibility: From there, hosts associated with your HackerOne programs are imported into Wiz Attack Surface Management (ASM) and scanned automatically, connecting them to the Security Graph and mapping the infrastructure, identities, and data flows that reveal the full blast radius.

  • Unified view, connected workflows: The finding lifecycle - triage, response, and remediation tracking - stays in HackerOne, where your researchers and program managers already work, while your security teams can understand broader impact and drive remediation within Wiz.

Penetration Test Finding from HackerOne in Wiz
Attack path from HackerOne Finding on the Wiz Security Graph

Closing the Gap Between Discovery and Remediation

One of the biggest challenges in security is the last mile - remediation. 

When a pen test wraps up or a bug bounty report comes in, the findings often get handed off to development teams and quickly get buried in a backlog as feature work and releases take priority. With this integration, that gap starts to close:

  • Security teams: Gain visibility into the full blast radius of exploitable risk, making it easy to prioritize and route findings to the right owners for remediation through Wiz Workflows.

  • Pen Test and Bug Bounty program managers: Continue to manage researcher communication and the finding lifecycle in HackerOne, while your broader security organization gets cloud-enriched visibility to ensure findings don't stall.

  • Security leaders: Get confidence that validated findings are driving real remediation, not sitting in a backlog, by tracking their burn down with Wiz Boards.  

Get Started with Wiz and HackerOne

Continuous testing and cloud context are stronger together. With HackerOne findings now in Wiz, security findings are no longer isolated reports. They're actionable, contextual, and connected to the environment where they matter. 

Customers can follow the guide in Wiz Docs (login required) to get started or request a demo to see the Wiz and HackerOne integration live.
