HACKI: an AI security assistant
Security teams were drowning in vulnerability data. I led the design of HACKI, an AI assistant that lets them ask the data questions and get trustworthy answers in plain language, in any language.
Overview
HACKI is a conversational AI assistant designed for HackerOne's enterprise security platform. As Head of Product Design I owned the exploration end to end: problem framing, research, the conversational interaction model, and the interface, partnering closely with engineering and product. It is the case study of working out how an AI-native assistant earns a security team's trust, the model that went on to shape the customer-centric AI agents I designed next.
The problem
Security teams on HackerOne were drowning. Vulnerability data was scattered across dashboards, reports arrived faster than analysts could triage them, and non-English-speaking teams lost time translating findings before they could act. In security, slow interpretation is expensive: it means missed threats and delayed response.
Research & discovery
I ran task-analysis and participatory-design sessions with analysts and security leads to map where time was actually lost, not where we assumed it was. That research reframed the work. The goal was never another dashboard. It was a way to ask the data questions and get answers people could act on without second-guessing.
Insights: the reframe
- We assumed teams needed a better dashboard. Research showed they needed to stop reading and start asking. The unlock was a question-and-answer model, not another set of charts.
- Trust came from transparency. People believed an answer only when they could see where it came from, so HACKI had to cite its sources and show its reasoning.
- Translation was a hidden tax. Global teams were spending real time turning findings into their own language before they could even start.
Exploration & iteration
Testing: what changed
The solution
HACKI lets a security team ask its own data anything, in plain language.
It answers in context, grounded in the team's live data, and shows where each answer came from.
The scattered dashboards became unified views, and long reports became auto-generated summaries that read in any language.
Impact
HACKI was an early exploration for HackerOne's enterprise platform: a concept for turning scattered, jargon-heavy vulnerability data into answers anyone on the team could act on, in plain language, with every answer citing its sources. It did not ship, but the model it proved out, an AI that shows its work so people trust it, became the foundation for the customer-centric AI agents I designed next. I owned the problem framing, the interaction model, and the interface.
Reflection
The lesson that carried into everything since: an AI feature is only as good as the trust it earns. People did not want a smarter black box, they wanted to see the work. Grounding every answer in real data and its sources is the difference between a clever demo and something a security team would actually rely on, and it became the through-line of the AI work that followed.



