HackerOne, Wiz team up to cut cloud security backlogs

Security teams have a backlog problem, and it is getting worse. Vulnerability submissions on HackerOne‘s platform climbed 76 percent year on year in March alone. Over that same period, resolution rates dropped from 73 percent down to 27 percent. More findings are coming in, fewer are getting fixed, and the gap between the two keeps widening.

HackerOne and Wiz, part of Google Cloud, are addressing that gap directly through a new integration that pulls validated vulnerability findings from HackerOne programmes into the Wiz cloud security platform. The idea is straightforward. Rather than handling bug bounty reports, disclosure findings, and AI red teaming results in isolation, security teams can now view them alongside the cloud assets, identities, and infrastructure they actually affect.

The context piece is what makes this practically useful. Knowing a vulnerability exists is one thing. Understanding which cloud systems it touches, how far its impact could spread, and whether real exploit evidence backs it up is what helps a team decide where to act first.

Through the integration, HackerOne findings connect directly to Wiz’s Security Graph and Attack Surface Management tools, giving analysts a way to trace potential impact across related assets rather than treating each report as a standalone item.

HackerOne linked part of the growing submission volume to advanced AI models, which are accelerating how quickly researchers and automated tools find weaknesses. Remediation, meanwhile, still depends on human teams working through complex environments. That mismatch is creating pressure that many security operations teams are struggling to absorb.

Oron Noah, VP of Product at Wiz, noted that context is what turns findings into action. Without it, teams spend time triaging reports that may carry little real-world risk while higher-impact issues sit unresolved further down the queue.

For organizations running large cloud environments, the practical outcome is a shared view between cloud security and vulnerability management workflows that previously operated separately. Findings move from discovery into the systems teams already use to investigate and manage exposure, rather than waiting in a separate queue for someone to manually connect the dots.

As AI expands attack surfaces and submission volumes continue rising, the ability to prioritize accurately is becoming less optional and more fundamental to how security teams function.