Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, has released its annual Inside the Mind of a Hacker report for 2023, which found that 72% of hackers believe AI will not replace the creativity of humans in security research and vulnerability management.
The report delves into a wide range of topics, including the impact of AI on security, what professional hackers look like and the state of hacking.
Impact of AI and the rise of Generative AI hacking
Generative AI was a major theme in the 2023 report, with 55% of respondents saying that it can already outperform hackers or will be able to do so within the next five years. However, hackers aren’t worried about being replaced, with 72% saying that Generative AI will not be able to replicate the creativity of hackers.
When asked how Generative AI is being used, the top functions hackers mentioned were automating tasks (50%), analysing data (48%), identifying vulnerabilities (36%), validating findings (35%) and conducting reconnaissance (33%).
The uptick in AI usage among hackers aligns with guidance from the US Department of Defense in 2022 and President Biden’s Cybersecurity Executive Order, EO 14028 where he noted: ‘The value of harnessing AI in cybersecurity applications is becoming increasingly clear…The methods show great promise for swiftly analysing and correlating patterns across billions of data points to track down a wide variety of cyber threats in the order of seconds.’
Challenging and confirming hacker stereotypes
Most hackers were Gen Z aged 18–24 (57%) or Millennials 25–34 (28%). The trope of hackers being disproportionately male proved true, based on this research, with 96% of respondents identifying as male.
Most hackers (82%) do not hack full time, treating it either as a part-time job, side hustle, or something they are in the process of making a full-time occupation. Only 29% described hacking as their full-time profession. The motivations for ethical hacking were varied, but the top incentives included personal development (28%), financial gain (24%), excitement (14%) and the challenge (12%).
While more than half of the respondents have graduated from college (54%) and 14% completed grad school, only 24% learned to hack through academic or professional coursework. The majority of hackers (71%) were self-taught, with most learning to hack through online resources (84%), while others learned through trial-and-error (40%) or friends and mentors (34%).
The state of hacking and vulnerability management
Views varied on how many companies understand their true risk of being breached, with 27% of respondents saying that less than 10% of companies really understand their risk.
The respondents painted a mixed picture of the global threat landscape, with 84% saying there have been more vulnerabilities since the start of the COVID-19 pandemic and 88% saying point-in-time security testing is not enough to keep companies secure. Nevertheless, 78% of respondents said that most companies’ attack surfaces are getting harder to compromise and 89% said that companies increasingly view ethical hackers in a favourable light.
Click below to share this article
