Bugcrowd Finds Hackers More Cautious of AI Than Silicon Valley Investors

Highlights:

• The annual Inside the Mind of a Hacker report by Bugcrowd reveals that more than half of respondents, 55%, believe AI can already outperform hackers or will be able to do so within the next five years.
• The report reveals that more than half of the respondents refrained from disclosing vulnerabilities due to ambiguous reporting channels or potential legal consequences.

Recently, crowdsourced cybersecurity company Bugcrowd Inc. published a new report revealing that hackers are more skeptical of artificial intelligence than Silicon Valley investors.

The annual Inside the Mind of a Hacker report by Bugcrowd reveals that more than half of respondents, 55%, believe AI can outperform hackers or will be able to do so within the next five years. However, hackers are unconcerned about being replaced, with 72% of respondents stating that generative AI cannot replicate their creativity.

As with the general population, hackers increasingly employ AI. Half of those surveyed indicated they are currently using AI to automate tasks, 48% to analyze data, and 36% to identify vulnerabilities. The top five responses were finished by validating findings (35%) and conducting reconnaissance (33%). Nearly two-thirds of the people who filled out the survey said they think that generative AI technologies have made responsible hacking and security studies more valuable.

57% of hackers were members of Generation Z between the ages of 18 and 24, while 28% were millennials between the ages of 25 and 34, confirming stereotypes about the youth of hackers. Unsurprisingly, 96% of respondents were men, and only 4% were women. The overwhelming majority of respondents, 82%, hack on the side or consider it a secondary business.

The leading motivations for ethical hacking were personal growth (28%), financial benefit (24%), and exhilaration (14%). An overpowering 87% of respondents place reporting a vulnerability above profiting from it.

Interestingly, only 24% of hackers acquired their abilities via academic or professional training. The majority are self-taught (71%), utilizing online resources (84%), trial-and-error (40%), and peer and mentor guidance (34%).

In addition, the report reveals that more than half of the respondents refrained from disclosing vulnerabilities due to ambiguous reporting channels or potential legal consequences.

Mike Heredia, a Vice President of XM Cyber Ltd., a hybrid cloud security provider, said, “This report is a powerful endorsement of the fact that given the complexity and rapid expansion in the size of an organizations attack surface that automation and AI are required to keep ahead of cybercriminals and state-sponsored threat actors. With 94% of ethical hackers confirming that they will start to use AI in the future, our view is that this needs to happen now as a reaction to the highly evolved cybercrime industry that already uses automation at scale to penetrate organizations.”

Craig Jones, Vice President of Security Operations at MDR provider Ontinue Inc., highlighted the report’s finding that nearly all hackers use ChatGPT as their preferred chatbot, followed by Google Bard and Bing Chat AI.

Craig Jones said, “These chatbots prove invaluable in assisting hackers during their security research, offering automated and efficient support. But AI chatbots are just the tip of the iceberg when it comes to AI’s influence on hacking. Hackers are eager early adopters of technologies, continuously exploring new possibilities to expand their skill sets and improve their efficacy.”