Case Study: Grammarly achieves continuous, hacker-powered security and stronger user trust with HackerOne

A HackerOne Case Study

Preview of the Grammarly Case Study

Grammarly Exceeds Customer Expectations with Hacker-Powered Security

Grammarly, the AI-powered writing assistant used daily by millions and by tens of thousands of teams, needed to protect user data and maintain trust during a period of accelerated growth. Facing complex, evolving systems and the limits of time-bound pentests, the company required continuous testing, diverse security expertise, 24/7 support, and integrations to reduce operational workload and meet SLAs.

Grammarly partnered with HackerOne to run private and then public bug bounty programs, targeted pentests, and a triage service. Hacker-sourced findings led to concrete fixes (for example, a company-wide CSRF reimplementation), custom static-analysis rules in CI/CD, reduced attack surface, faster vulnerability validation, greater transparency with customers, and even new security hires, making hacker-powered security a continuous, integral part of their product development and trust strategy.



Grammarly

Joe Xavier

Vice President of Engineering

