HackerOne launches Good Faith AI Safe Harbor for security researchers

Most frontier‑model and agentic‑AI discussions still assume labs or vendors will self‑police, but production systems will live or die on whether outsiders can safely probe them. HackerOne’s Good Faith AI Research Safe Harbor is an attempt to port the norms of bug‑bounty and coordinated disclosure into the AI era. It gives researchers explicit legal cover to red‑team AI systems within agreed scopes, and encourages organizations to say, in effect, “yes, please hack our models, within these bounds.” ([hackerone.com](https://www.hackerone.com/press-release/hackerone-sets-standard-ai-era-testing-good-faith-ai-research-safe-harbor))

This matters for the AGI race because the most dangerous failure modes—jailbreaks, data exfiltration, synthetic identity abuse, agentic misbehavior—are exactly the ones that are hard to find with internal testing alone. If Safe Harbor‑style frameworks become standard, they could dramatically increase the volume and quality of adversarial testing on powerful systems before and after deployment. That reduces the odds that catastrophic exploits emerge in the wild first, and it creates a clearer legal template for regulators to reference when they talk about “AI red‑teaming.” Conversely, labs or platforms that refuse to embrace these norms may find themselves at a reputational and regulatory disadvantage.