The report covered a number of topics including demographics (respondents were from 85 countries, including the United States, India, Bangladesh, Pakistan, Nepal, Egypt, Nigeria, the United Kingdom, Vietnam, and Australia) and attitudes however we will address the specifics regarding AI and hacking in this summary.
Initially, the report takes great pains in grounding the term ‘hacker’ as someone working on the ‘positive’ side of the industry:
Merriam-Webster defines a “hacker” as “an expert at programming and solving problems with a computer.” While “hacker” is the predominant self-descriptor used by the cybersecurity community (with even some CISOs we know adopting the moniker), this benevolent term has sadly become synonymous with malice. The bad guys also call themselves hackers, and unfortunately, they get most of the attention. Here at Bugcrowd (and in this report), we refer to the good guys as hackers. Other terms you may have heard include “ethical hackers,” “white hat hackers,” and “security researchers.”
“There is no denying that AI remains a strong force within the hacking community, changing the very strategies hackers are using to find and report vulnerabilities,” says Dave Gerry, CEO of Bugcrowd. “Bugcrowd is in a privileged position to work with a creative, forward-thinking community that thrives on the cutting edge of cybersecurity. Celebrating hackers is part of the core of what we do at Bugcrowd, and these insights can help businesses understand the unique value this community brings to fighting against today’s AI-driven cyberattacks.”
While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024. Additionally, hackers are increasingly using generative AI solutions, with 77% now reporting the adoption of such tools—a 13% increase from 2023.
Key findings from the survey include the following:
- 93% of hackers agree that companies using AI tools have created a new attack vector
- 82% believe that the AI threat landscape is evolving too rapidly to be effectively secured from cyberattacks
- 86% believe that AI has fundamentally changed their approach to hacking
- 74% agree that AI has made hacking more accessible, opening the door for newcomers to join the fold
- Despite these threats, 73% of hackers reported being confident in their ability to uncover vulnerabilities in AI-powered apps
Of some interest is the fact that around half of the respondents believed that AI will never beat them in value or effectiveness for three reasons:
- They bring a level of creativity that AI lacks.
- They can think of new attacks that AI can’t predict because AI relies on known information.
- They think outside of the box, which gives them an advantage over ML models and predictive AI
Of course there is also an interesting cooperative nature of hacking in conjunction with AI. For instance:
Anonymous: “I achieved a remote code execution (RCE) accidentally while chatting with an AI bot that was misconfigured and had the ability to execute OS commands on the system where it was hosted. It provided me with the command output.”
iTWire commends the report as an interesting insight into the current state of play.
