Interviews | June 16, 2025

Cyber Threat Sophistication is Outpacing Security Budgets


Corellium | Fortra | HackerOne

Dan Thagard
VP of Engineering

Corellium

Q1. How has demand for mobile threat research and zero-day analysis shaped Corellium's engineering roadmap over the past few years?

Over the past few years, we’ve seen a significant uptick in demand from security researchers and enterprise teams focusing on mobile threat analysis and zero-day discovery, especially as mobile platforms grow increasingly complex and central to critical infrastructure. In response, Corellium has prioritized expanding platform support (including the latest iOS and Android versions), improving performance for dynamic analysis, and developing tools that accelerate exploit detection and debugging. Our roadmap has been shaped by the need to give researchers deeper visibility and control in simulated environments that reflect real-world threat scenarios. This includes enhanced kernel instrumentation, more powerful snapshotting and stateful analysis features, and automation capabilities for fuzzing and behavioral observation.

Q2. How is Corellium’s engineering team integrating AI/machine learning to enhance capabilities like automated vulnerability detection, dynamic analysis or behavioral modeling?

We see AI and machine learning as critical enablers for scaling mobile and IoT vulnerability research. Our engineering team is exploring several initiatives that embed AI into the analysis pipeline, for example, using ML models to detect anomalies in system behavior during dynamic execution or to prioritize code paths for fuzzing based on learned risk patterns. We're also prototyping tools that apply natural language processing to correlate crash logs, CVE reports, and stack traces, streamlining reverse engineering workflows. These efforts are still in development but reflect our broader strategy: using AI to augment, and not replace, the domain expertise of skilled researchers.

Q3. What new initiatives or collaborations for advancing mobile and IoT security research does Corellium plan on highlighting at Black Hat USA 2025?

At Black Hat USA 2025, we plan to spotlight several initiatives aimed at broadening access to advanced mobile and IoT research and testing tools. These include a new Corellium program for academic researchers, partnerships with select nonprofit threat intelligence groups, and an expanded SDK for automating vulnerability discovery workflows. We’ll also be debuting updates to our virtual device framework that support more granular hardware emulation virtualization for IoT chipsets, as well as showcasing collaborative work with independent researchers around firmware analysis and post-exploitation forensics. The focus is on empowering the community to dig deeper, faster, and with less friction.


Matt Reck
CEO

Fortra

Q1. How will Fortra's recent acquisition of Lookout benefit customers of both companies? How do you plan to integrate Lookout’s mobile threat defense capabilities into Fortra’s broader security portfolio?

Fortra is excited to announce the acquisition of Lookout’s Cloud Security division, a strategic move aligned with our mission to “Break the Attack Chain” by disrupting every stage of the cyberattack kill chain. This acquisition strengthens Fortra’s position as a leader in the Data Protection and Data Security Posture Management (DSPM) space, expanding our ability to secure hybrid environments with advanced cloud-native capabilities.

Lookout’s technologies—including Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Secure Web Gateway (SWG)—complement Fortra’s existing portfolio and will be integrated into our platform to deliver a unified, end-to-end DSPM solution. This integration empowers organizations to safeguard data across endpoints, networks, and cloud applications with a consistent security posture.

For existing Fortra customers, this expansion unlocks immediate benefits:

  • Extended data protection to the cloud with centralized policy enforcement.
  • Deeper visibility and control across hybrid environments.
  • Enhanced ability to cover emerging threat vectors in cloud collaboration and remote access.

For Lookout customers, joining the Fortra ecosystem presents an opportunity to consolidate vendors and simplify security operations. By leveraging Fortra’s broad portfolio, customers can address additional gaps in the kill chain with a single, integrated platform.

This acquisition reflects Fortra’s continued investment in innovation and customer-centric cybersecurity. We are thrilled to welcome the Lookout Cloud Security team and look forward to delivering enhanced value, simplified operations, and best-in-class protection to organizations around the world.

Q2. What emerging threat trends are prompting organizations to reassess their security strategies? How are these trends influencing Fortra’s product development priorities?

Organizations are re-evaluating their security strategies due to three major trends reshaping the threat landscape.

  • First, AI is everywhere. Most companies are working hard to figure out how to unlock the potential of this emerging technology and their security teams are working hard to make sure they can enable the best AI tools for their teams without compromising their internal data security and privacy. AI is also shaping how cyberattacks work. Companies must now defend against adversaries leveraging generative AI. Attackers are using AI to automate reconnaissance, craft more convincing phishing campaigns, and scale targeted attacks. As a result, customers are scrutinizing their vendors’ ability to keep pace with these evolving threats and deliver AI-aware protection.
  • Second, and related, as AI adoption grows, the value of an organization’s data and the need for data integrity grow exponentially. Data is also the primary target for most cybercrime. Adversaries’ primary strategies are to either steal, destroy, or disrupt data in one way or another. As a result, protecting sensitive data—whether stored on-premises, in cloud environments, or within SaaS applications—has become the top security priority and often top strategic priority for most organizations.
  • Third, the sophistication of adversaries and the variety of security risks are growing much faster than most organizations’ security budgets. As such, security leaders are constantly having to make really challenging tradeoffs in staffing and tooling, and the need to consolidate vendors and utilize solutions that can provide integrated protection across multiple vectors of risk AND cover more with fewer people is increasingly critical.

Together, these trends are forcing security leaders to rethink traditional strategies and adopt a more streamlined, proactive, and data-aware security posture that aligns with today’s dynamic risk environment.

From a product strategy perspective, Fortra’s recent acquisition of Lookout’s cloud security division reinforces its commitment to a data-centric security approach. Lookout’s solutions strengthen Fortra’s ability to provide unified visibility and protection across hybrid environments—on-prem, cloud, and SaaS—ensuring sensitive data remains secure as organizations adopt and innovate with AI.

To stay ahead of AI-enabled adversaries, Fortra is investing significantly in its Threat Research and Intelligence team, actively partnering with global organizations to disrupt attacker infrastructure before threats materialize. These proactive efforts are complemented by Fortra’s market-leading offensive security tools, which empower defenders to identify and remediate attack surface gaps before malicious actors can exploit them.

Finally, Fortra’s integrated offering provides a full suite of solutions to protect you and your data across your entire attack surface. Importantly, we have been investing significantly to improve the interoperability of our solutions so that you can eliminate duplicate work across disparate solutions like email security and DLP. At the same time and perhaps more importantly, we have been investing in the Fortra Threat Brain – which is the AI-powered engine consuming identified threats and incidents across our and your attack surface and rapidly feeding those back to your integrated Fortra solutions to resolve significant issues with little or no human intervention. Our ultimate goal is to improve the efficacy of every cybersecurity professional in your organization by 3-5x.

Together, these investments demonstrate Fortra’s strategic alignment with the top trends shaping security today—offering customers an integrated, intelligent, and forward-looking defense posture in an increasingly complex threat landscape.

Q3. What new solutions or strategic initiatives will Fortra showcase at Black Hat USA 2025? What are your company's plans to engage with researchers and developers at the event?

Fortra is proud to return to Black Hat—an event we consider the premier gathering of the world’s top security minds. Many of our team members have been part of this community for years, and we see Black Hat not just as a conference, but as a place where cutting-edge innovation meets practical expertise.

Earlier this year, we launched our bold mission to “Break the Attack Chain”—disrupting every stage of the cyber kill chain to stop threat actors in their tracks. At Black Hat, we will demonstrate how Fortra’s integrated platform and intelligence-led approach deliver on that mission.

Our booth will feature industry-leading offensive security experts, including members of the renowned FIRE team (Fortra’s Intelligence and Research Experts). Join us for talks and demos that highlight our offensive security capabilities, our global threat disruption work, and fascinating insights into the infrastructure behind modern scams—often revealed through direct engagement with adversaries.

We also invite attendees to connect with the growing user community around our Outflank Red Teaming Tools. Fortra already has a strong base of dedicated practitioners, and each year at Black Hat we are excited to welcome more. Our talks and live demos consistently draw interest from red teamers and defenders alike who want to go deeper and contribute to the community’s advancement.

Whether you are an operator, defender, or decision-maker, come see how Fortra is breaking the chain—and how you can be part of it.


Kara Sprague
CEO

HackerOne

Q1. It's been six months since you took over as CEO of HackerOne. What have been your top priorities during this period?

In my first six months as CEO, my top priorities have been to engage with customers and security researchers, define a bold long-term vision, and accelerate our focus on both Security for AI and AI for Security.

Our vision is shaped by the urgent needs of our customers and security researcher community. While AI offers tremendous potential, customers and researchers share concerns about its security and the risk of false positives from automated tools. Customers, already drowning in false positives from automated scanners, want solutions that not only uncover hard-to-find vulnerabilities but also validate exploitability to better prioritize fixes.

As the market leader in offensive security, our goal is to be the definitive platform for eliminating vulnerabilities before they’re exploited. Today, we enable a defense-in-depth approach with layered offerings that unlock high-quality results, at scale: code security, pentest-as-a-service, bug bounty, and vulnerability disclosure.

We’ve invested heavily in our AI for Security capabilities and are integrating advanced AI to support both internal security teams and our global researcher community. Our in-platform AI security agent, Hai, accelerates the find-to-fix journey. With deep security knowledge and strong reasoning abilities, Hai is a multi-lingual agent that synthesizes and offers relevant context on vulnerability reports, transforms natural language into actionable queries, and recommends next steps based on relevant program and vulnerability data. It accelerates analysis and response while ensuring that signals from bug bounty, pentesting, and AI red teaming are connected and actionable.

On the Security for AI front, we’ve expanded our platform to test AI models and systems—an emerging risk area—as generative AI becomes core to enterprise operations. Our structured, scalable testing engagements uncover vulnerabilities unique to AI systems.

We continue to invest heavily in the world’s largest community of ethical hackers. Their insights go beyond what automated tools can offer—especially in the gray areas of novel and complex security issues and AI safety. We've improved researcher workflows, rewards, and tooling to support deeper, more targeted testing, helping customers close the gap between innovation and security.

Q2. How is HackerOne strategically expanding its AI red teaming and penetration testing as a service offerings? What role will your global hacker community play in driving innovation in these areas?

HackerOne’s platform includes solutions for AI system testing and pentesting as a service. Our AI system testing efforts support both foundation model providers, such as Anthropic and IBM, and enterprise consumers of foundation models, such as Snap and Adobe. These engagements are structured, scoped, and supported by specialized security researchers who understand how AI fails and how it can be exploited. Pentesting as a service provides our customers a methodology-driven way to find security vulnerabilities earlier and ensure proof of coverage. Some of our customers do a pentest before the launch of every new service.

As we have observed firsthand through the work of our security researcher community, AI doesn’t replace human insight; it augments it. The most complex and elusive vulnerabilities require creativity, intuition, and real-world adversarial perspective. That’s where our community comes in. We have the largest community of security researchers operating in 61 countries across 32 industries. And more than 50 of our researchers have earned over $1 million in rewards for their work helping organizations find and fix vulnerabilities on the platform.

We believe the future of AI security lies in the fusion of AI-powered tools and human-driven creativity. Together, they provide an unmatched defense layer for organizations navigating a rapidly shifting threat landscape.

Q3. What are HackerOne's plans for engaging with the hacker and researcher community at Black Hat USA 2025? Can you share details on any events, contests, or collaborative activities you’ll be hosting during the event?

Black Hat USA 2025 is a cornerstone moment for us. Not just to showcase our platform, but to celebrate and connect with our users and the security researcher community that powers it.

This year, we’re engaging across Black Hat and DEF CON through a diverse set of experiences designed for researchers, customers, and partners. At the center is the HackerOne Café (Booth #5036), where visitors can engage directly with top researchers and learn how HackerOne is redefining vulnerability management for agentic systems and AI-powered applications.

Our presence extends into DEF CON as a Premier Sponsor of the Bug Bounty Village, where researchers can participate in live hacking, education sessions, and community challenges. We’re excited to celebrate the researcher community and foster collaboration that drives better outcomes across the security ecosystem. We will also be cohosting a Bug Bounty Village Happy Hour with our customer, TikTok, for whom we support multiple bounty programs spanning security and privacy.

At these events, every conversation helps inform our roadmap, every engagement strengthens our platform, and every bug found moves us closer to a safer digital world. We’re excited to see the community in full force this August.

You can find out more about what HackerOne is up to at Black Hat and DEF CON on our event landing page, and schedule a meeting with us there.
