Ethical hackers and security researchers are getting much more enthusiastic about AI and are using the technology more widely, but are worried about the threat it represents.
Last year, only 21% of hackers told Bugcrowd that AI technologies enhance the value of hacking - but that figure has rocketed to 71% this year. Meanwhile, three-quarters revealed they're actively using generative AI solutions, up 13% from 2023.
They do, however, believe that AI has its limitations, with fewer than a quarter thinking that AI technologies outperform human hackers, and only three-in-ten believe it can replicate human creativity. These results are much the same as last year's, according to Bugcrowd.
"There is no denying that AI remains a strong force within the hacking community, changing the very strategies hackers are using to find and report vulnerabilities," said Dave Gerry, CEO of Bugcrowd.
"These insights can help businesses understand the unique value this community brings to fighting against today’s AI-driven cyber attacks."
Despite acknowledging the benefits of using AI, many security researchers warned the technology is causing significant problems.
More than nine-in-ten said companies using AI tools have created a new attack vector and more than eight-in-ten said the AI threat landscape is evolving too quickly to be effectively secured from cyber attacks.
Three-quarters said AI has made hacking more accessible, opening the door for newcomers to join the fold, and 86% believe that AI has fundamentally changed their approach to hacking.
Despite these threats, though, 73% of hackers reported being confident in their ability to uncover vulnerabilities in AI-powered apps.
Ethical hackers raise the alarm on rise of hardware threats
The report from Bugcrowd also revealed a sharp increase in hardware hacking, with eight-in-ten hardware hackers saying they'd encountered a new vulnerability they had never seen before in the past 12 months. Two-thirds believe that there are more vulnerabilities now than a year ago.
However, it's only the hardware hackers themselves that are really aware of the scale of the problem. While more eight-in-ten are confident they can hack AI-powered hardware and software, only a third of hackers in general see hardware hacking as a particularly important specialty.
"Hardware hacking, or the exploitation of vulnerabilities in the physical components of electronic devices, was once considered a specialized field," said Michael Skelton, VP of security operations at Bugcrowd.
"However, the proliferation of inexpensive, vulnerable smart devices has increased interest in hardware hacking among both ethical hackers and cybercriminals."
The survey also looked at how ethical hackers got into the business, and found it's a young person's game, with 88% between the ages of 18 and 34. Two-thirds said they were either hacking full-time or actively trying to pursue a full-time hacking career.
Many are self-taught. While three-quarters have a college degree or higher, only 29% learned their hacking skills through academic or professional coursework.
Instead, 87% reported learning through online resources, 78% through self-study, and 43% through trial and error.
