Bugcrowd, a multi-solution crowdsourced cybersecurity platform, has released its annual “Inside the Mind of a Hacker” report for 2023. The report, which explores various topics including the impact of AI on security and the state of hacking, reveals that 72% of hackers believe that artificial intelligence (AI) will not replace the creativity of humans in security research and vulnerability management.
One of the major themes highlighted in the report is the rise of generative AI hacking. More than half of the respondents (55%) stated that generative AI can already outperform hackers or will be able to do so within the next five years. Despite this, hackers are not concerned about being replaced: 72% believe that generative AI will not be able to replicate the creativity of hackers. The report further details how generative AI is being utilized, with hackers mentioning its use in automating tasks, analyzing data, identifying vulnerabilities, validating findings, and conducting reconnaissance. Moreover, 64% of respondents believe that generative AI technologies have increased the value of ethical hacking and security research.
The growing usage of AI among hackers aligns with guidance from the U.S. Department of Defense in 2022 and President Biden’s Cybersecurity executive order, EO 14028. The Department of Defense recognizes the value of harnessing AI in cybersecurity applications, stating that it shows great promise in swiftly analyzing and correlating patterns across billions of data points to track down cyber threats.
The report also challenges and confirms hacker stereotypes. Most hackers surveyed were from Generation Z (57%) or Millennials (28%), and the majority identified as male (96%). Only 2% of respondents were over 45 years old. Additionally, the motivations for ethical hacking varied, with personal development, financial gain, excitement, and the challenge being the top incentives. Interestingly, 87% of respondents stated that reporting a vulnerability is more important than making money from it.
While more than half of the respondents have completed college (54%), only a minority (24%) learned to hack through academic or professional coursework. The majority of hackers (71%) were self-taught, utilizing online resources, trial-and-error, or learning from friends and mentors.
Regarding the state of hacking and vulnerability management, the report indicates that views varied on how well companies understand their risk of being breached. Of the respondents, 27% stated that less than 10% of companies truly understand their risk. Furthermore, 84% of respondents believe that there have been more vulnerabilities since the start of the COVID-19 pandemic, and 88% believe that point-in-time security testing is not sufficient to keep companies secure. Interestingly, 78% of respondents believe that most companies’ attack surfaces are getting harder to compromise, and 89% believe that companies increasingly view ethical hackers in a favorable light.
The report also highlights that nearly two-thirds of respondents (63%) discovered a new vulnerability in the past 12 months that they had not encountered before. However, more than half of the respondents (54%) chose not to disclose a vulnerability due to a lack of clear pathways to report it without risking legal consequences.
Overall, the report showcases how hacking is increasingly being leveraged for career development, as many respondents stated that their hacking skills helped them build long-term relationships, and over half of them said that hacking had helped them secure remote job opportunities.
The “Inside the Mind of a Hacker” report collected responses from 1,000 hackers across 85 countries, including the United States, Australia, Brazil, Canada, Ethiopia, India, France, Jordan, Singapore, and the United Kingdom.
Bugcrowd CEO Dave Gerry expressed his excitement about the report, stating that it allows hackers to redefine what hacking looks like as a career path. He emphasized that as global enterprise AI adoption reaches critical mass, Bugcrowd is proud to stand at the forefront of security research, bridging the gap between organizations and the diverse skills and expertise of hackers.
For those interested, the full “Inside the Mind of a Hacker — 2023” report is available for download on Bugcrowd’s website.
Bugcrowd is a San Francisco-based cybersecurity platform that combines data and ML-driven crowd-matching with decades of applied experience to bring the right human creativity to address cybersecurity problems. The Bugcrowd Security Knowledge Platform™ enables businesses to identify hidden vulnerabilities across their entire attack surface by leveraging the knowledge of world-class hackers. It is trusted by organizations worldwide and has received backing from several venture capital firms. More information about Bugcrowd can be found on their website.
About Bugcrowd:
Bugcrowd is the pioneer and innovator in crowdsourced cybersecurity, the premier provider of managed bug bounty programs, vuln disclosure, and next-gen pen testing. Bugcrowd’s award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations solve security challenges, protect customers, and make the digitally-connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them All™. Learn more at www.bugcrowd.com.
Disclaimer: This article is a rewrite of a press release. The content, ideas, and opinions expressed in this article are solely those of the author and do not necessarily represent the views and opinions of Bugcrowd Inc. or its subsidiaries.

