Hacker wins rare Australian visa after exposing government security flaw

By Phan Anh January 4, 2026 | 06:25 pm PT

Cybersecurity expert Jacob Riggs. Photo courtesy of jacobriggs.io

A British cybersecurity expert uncovered a serious flaw in Australian government systems and secured one of the country's rarest visas while his immigration application was still under review.

Jacob Riggs, a London-based information security specialist, was granted Australia's National Innovation (subclass 858) visa in December 2025 after identifying a critical vulnerability in networks operated by the Department of Foreign Affairs and Trade.

Working from his home in southeast London, Riggs found the exploitable weakness in under two hours during a permitted security assessment and promptly disclosed it to authorities, Sydney Morning Herald reported.

The 858 visa, formerly known as the Global Talent visa, is designed to attract individuals with internationally recognized achievements in priority fields such as cybersecurity, artificial intelligence and advanced technology. Approval rates are exceptionally low, The Telegraph reported. Since the program began, more than 9,000 expressions of interest have been lodged, but only a few hundred applicants have been invited to apply and fewer than 100 have been granted residency.

Riggs, 36, currently serves as global director of information security for a major software-as-a-service company. He said the vulnerability he reported met the threshold for "critical" severity under the Common Vulnerability Scoring System, an industry-standard framework used to assess cyber risks.

Australia’s foreign affairs department runs a formal vulnerability disclosure program that allows security researchers to test systems within defined limits. After Riggs reported the issue, officials moved quickly to fix it and later acknowledged his contribution on the department’s public disclosure honor roll.

Unlike many recipients of the visa, Riggs does not hold advanced academic degrees and said he barely completed secondary school. Instead, his application included around 60 pages of evidence, ranging from bug bounty payouts to letters of recognition from governments, universities, and major technology firms. He said he reached the attachment limit during the submission process.

With his application still pending months later, Riggs decided to submit fresh, real-time proof of his capabilities, arguing that cybersecurity excellence is difficult to demonstrate through traditional credentials alone. In a blog post, he wrote that there is no equivalent of an Olympic gold medal in the cyber field, making practical outcomes the clearest signal of expertise.

Riggs said he plans to relocate to Sydney within the next year to continue working in cybersecurity, adding that the move will require adjusting not just his career, but his entire life.