Tech

How Troy Hunt Uses AI to Power "Have I Been Pwned" Security Alerts

May 7th 2026

AI-generated, human-reviewed.

AI is rapidly reshaping cybersecurity, and one of the clearest examples is how Troy Hunt uses AI agents to help run "Have I Been Pwned", the world-famous breach notification service. On this week’s Intelligent Machines, Troy Hunt shared how his custom AI agent, "Bruce," is now handling support tickets, breach monitoring, and more—demonstrating what modern AI-powered automation looks like for critical security infrastructure.

How "Have I Been Pwned" Keeps Track of Billions of Breached Records

"Have I Been Pwned" (HIBP) lets users check if their email addresses or passwords have been exposed in a data breach. The platform now catalogs over 17.5 billion breach records—including more than 6 billion unique email addresses—posing significant challenges in data management and user support.

As Troy Hunt explained on Intelligent Machines, manually responding to user requests and support tickets became increasingly unsustainable as the scale of HIBP exploded. Most of the platform’s core operations are managed by Troy, his wife Charlotte, and a single trusted developer, making automation critical.

Meet Bruce: An AI-Powered Assistant for Security Operations

According to Hunt, the newest "team member" at HIBP is "Bruce," an AI-powered assistant built on top of modern language models and automation tools like OpenClaw and Zendesk.

Bruce’s key responsibilities include:

  • Drafting support ticket responses for user inquiries about breaches, account issues, and subscriptions.
  • Analyzing breach data to quickly identify compromised information and help update HIBP’s massive database.
  • Automating routine responses and workflows, aiming to free up human time for more complex or sensitive tasks.

Hunt highlighted that every AI-generated response is still human-reviewed before going to customers—especially for sensitive topics like pricing and privacy policy. This helps ensure accuracy and trust, since language models sometimes "hallucinate," or make up incorrect information.

How AI Handles the Challenges of Security at Scale

Handling billions of records and serving millions of users presents unique hurdles:

  • Privacy & Security: Bruce never handles or stores sensitive data like passwords directly, leveraging hashing and anonymization techniques.
  • Error Prevention: AI outputs, especially in customer service, are always reviewed by a human; incorrect pricing, for instance, is flagged and corrected before sending.
  • Empowerment Through Automation: AI is used to pre-draft emails, summarize complex breach notifications, and detect emerging threats faster.

Troy Hunt emphasized that the end goal isn’t to replace human oversight but to support it. As AI matures, more routine tasks can be reliably automated, but ultimate accountability and review will remain with skilled professionals.

What AI Means for the Future of Data Breach Notification

HIBP’s approach signals a broader trend: AI agents will become essential in managing security operations, support, and threat monitoring at global scale.

Key areas where AI-driven automation is making a difference:

  • Faster response times: Users get support and breach notifications more quickly, improving both security and peace of mind.
  • Scalability: Services like HIBP can handle global demand without ballooning costs or headcount, remaining accessible to all.
  • Continuous improvement: AI tools can scan for new breach information or suspicious activity around the clock.

This approach also opens new ethical and user-experience questions, such as how to identify or communicate with bots, how much decision-making power to delegate, and how to ensure transparency.

Key Takeaways

  • "Have I Been Pwned" is now powered by a human-AI team: Bruce, the AI assistant, drafts responses and monitors breaches, but all outputs are human-approved.
  • AI automation enables small teams to run mission-critical global services without compromising security or user trust.
  • Human oversight is vital: AI tools are powerful but still prone to errors; human review is required to maintain safety and credibility.
  • AI’s role in cybersecurity is expanding rapidly: Expect more services to integrate AI agents for customer support, breach detection, and response in the near future.
  • Privacy-centric design is essential: HIBP’s architecture anonymizes sensitive data and prevents direct exposure of user credentials.
  • Automation democratizes powerful security tools: Making them accessible for organizations of all sizes, and for free public use.

The Bottom Line

On Intelligent Machines, Troy Hunt illustrated a clear path for how AI can supplement, not supplant, security professionals. With the right safeguards and a focus on user trust, AI automation helps essential services like "Have I Been Pwned" handle the scale and speed required in the fight against global data breaches. As more organizations adopt this hybrid approach, expect the boundaries between human and machine roles in cybersecurity to continue shifting.

Don't miss actionable insights from the experts—subscribe to Intelligent Machines for more interviews with leaders shaping the future of technology.

Subscribe: https://twit.tv/shows/intelligent-machines/episodes/869

Chatbots in Charge Intelligent Machines #869
May 6 2026 - My Sentience is Going Up
Chatbots in Charge
All Tech posts