HackerOne 'updating' Ts&Cs after bug hunters question if they're training AI
Summary
HackerOne is updating its terms and conditions after security researchers raised concerns that their bug reports were being used to train AI models. The company's CEO emphasized that security researchers are not considered "inputs" for AI training and is working to clarify the terms.
IFF Assessment
HackerOne addressing researcher concerns and clarifying AI training policies is a positive step for the security community.
Severity
Defender Context
This news highlights the increasing focus on data privacy and the ethical implications of AI training. Defenders should be aware of how their vulnerability research and reporting is being used and ensure that platforms they use have clear policies on AI training. Be aware of the terms and conditions of platforms used for security research and vulnerability disclosure.