Ethical Hackers Reveal How They Use Generative AI

Nearly three-quarters (72%) of white hat hackers do not believe that generative AI can replace human creativity in security research and vulnerability management, according to Bugcrowd’s Inside the Mind of a Hacker – 2023 report.

Nevertheless, the hackers surveyed acknowledged the importance of generative AI tools like ChatGPT in their work, with 21% stating that AI is already outperforming them. Additionally, 55% believe that these technologies have increased the value of ethical hacking and security research or will increase its value in the future.

Over three-quarters (78%) believe that AI will disrupt the way hackers work on penetration testing or bug bounty programs in the next five years.

Many of the respondents are already using generative AI in their work, including in automating tasks (50%), analyzing data (48%), identifying vulnerabilities (36%), validating findings (35%) and conducting reconnaissance (35%). The report noted a trend of hackers using AI chatbots to help write reports, with the initial text generated by AI “a good jumping off point.”

The top three AI chatbots used by respondents were ChatGPT (98%), Google Bard (40%) and Bing Chat AI (40%).

Demographic Make-Up

The report, which surveyed 1000 respondents from 85 countries, also provided insights into the demographic make-up of the ethical hacking community. The vast majority (90%) were young, with 57% Gen Z aged 18-24 and 28% Millennials aged 25-34, alongside 5% under the age of 18. Just 2% of those surveyed were over the age of 45.

Hackers are overwhelmingly male, at 96%, according to the report. This represents a decrease in female hackers from 6% to 4% since Bugcrowd’s Inside the Mind of a Hacker report in 2020.

Over two-thirds (68%) of respondents were educated to college or graduate level.

The survey found a significant drop-off in hackers engaging in this work full time, from 42% in 2022 to 29% in 2023. However, 33% are currently part-time but aiming to work full-time in hacking. The rest either hacked part-time (25%) or as a side hustle (14%). The report highlighted the rising cost of living and an increasing desire for flexible work as possible explanations for this trend.

However, 75% identified non-financial factors as their main motivators to hack.

Increasing Vulnerabilities

Most (84%) believe there are more vulnerabilities now than at the start of the COVID-19 pandemic, with 88% arguing that point-in-time security is not enough to keep companies secure.

Additionally, 63% of respondents reported finding a new vulnerability in the past 12 months that they had not encountered before.

Organizations appear to be recognizing the value of ethical hacking in this landscape, with 89% of hackers stating that they are being viewed in a more favorable light. Almost all (96%) said they help companies fill their cybersecurity skills gaps.
