Critical-risk tools in 100Hires - AI ATS & Recruitment Software
19 of the 131 tools in 100Hires - AI ATS & Recruitment Software are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
hires_batch_remove_from_boardsDestructiveDeactivate board publication for multiple jobs in one request. Use for bulk depublishing workflows.
-
hires_batch_remove_tagsDestructiveRemove tags from multiple candidates in one request (max 100). Returns per-item results with partial success support.
-
hires_cancel_all_notification_messagesDestructiveCancel all scheduled notification emails for a candidate. Already sent notifications are not affected. Returns success even if no scheduled notifications exist.
-
hires_delete_applicationDestructivePermanently delete an application. This removes it from all list and view queries.
-
hires_delete_candidateDestructivePermanently delete a candidate by ID or alias.
-
hires_delete_companyDestructiveDelete a company. Use for lifecycle control in partner tenancy management.
-
hires_delete_email_templateDestructiveSoft-delete an email template. Templates already used in automations will stop being available for new actions.
-
hires_delete_formDestructiveDelete an application form.
-
hires_delete_jobDestructiveDelete a job. Use to align archived/removed positions across integrated platforms.
-
hires_delete_job_webhookDestructiveDelete a job webhook subscription by ID. Use for cleanup, rotation, and endpoint migration.
-
hires_delete_messageDestructiveCancel a scheduled message before it is processed by the mailbox scheduler.
-
hires_delete_noteDestructiveDelete a note. Use for moderation policies and data cleanup operations.
-
hires_delete_notification_messageDestructiveCancel a scheduled notification email before it is sent. Already sent messages cannot be canceled.
-
hires_delete_nurture_campaignDestructiveDelete (soft-delete) a nurture campaign. Active campaign executions will be stopped.
-
hires_delete_questionDestructiveDelete a reusable question from the catalog. Use cautiously when deprecating question banks.
-
hires_delete_webhookDestructiveDelete a company-scoped webhook subscription by ID. Use for endpoint retirement and security rotation.
-
hires_remove_candidate_tagDestructiveRemove a specific tag from a candidate.
-
hires_remove_from_job_boardDestructiveDeactivate selected board publications for a job. Stops the job from being listed on specified boards.
-
hires_transfer_applicationFinancialTransfer an application to another job. A new application is created on the target job. Optionally specify a stage on the target job's pipeline.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.