For the past eight years, the Bugcrowd hacking platform has surveyed its users to produce a report called “Inside the Mind of a Hacker” which reveals the year-on-year evolution of the ethical hacker. From hacker community neurodiversity to the rise of the hacker as influencer, many surprising aspects of the hacking life have emerged. This year, with some 1,300 hackers taking part, the biggest surprise is likely just how many are embracing AI as a tool, tactic and threat.
Inside The Mind Of A Hacker 2024
“Celebrating hackers is at the core of what we do at Bugcrowd,” the company CEO, Dave Gerry, said. The latest Bugcrowd report confirmed the view that the AI threat landscape is evolving too fast to be adequately secured, with 81% of those hackers questioned agreeing. Yet, at the same time, the number who felt that AI enhances the value of hacking has jumped from just 21% in 2023 to 71% this year. The latter shift in hacker mindset can best be seen in the fact that 1,000 of those asked said that they are now using AI tools in their hacking work.
One of the significant shifts in the way AI is used by hackers can be seen in the top use case for generative platforms: last year, it was for task automation, and this year, it’s for data analysis. This should be a warning flag for all because data analysis, be that software or hardware-related, is the keystone for most hacking activity. 74% of the hackers asked agreed that AI has made hacking more accessible, and by making data analysis easier the number of new entrants into the hacking field is only likely to continue to rise. This is, of course, a good thing when we are talking about ethical hackers: the folk who uncover and then disclose vulnerabilities so they can be fixed before criminal hackers get a chance to exploit them. The flip side is as apparent as it is concerning; criminal hackers are also exploring and exploiting the same opportunities that AI presents.
If there is good news to be drawn out of this report, then surely the fact that only 286 of the hackers surveyed believe AI outperforms them is better than a human hacker, is it? Slightly more, worryingly, thought that AI can replicate human hacking creativity. These numbers are pretty-much the same as those from the 2023 survey, so it kind of shows that AI isn’t evolving as fast as many have thought, at least when it comes to the actual day-to-day nitty-gritty of being a hacker for hire.
The AI Force Is Strong Among Ethical Hackers
Bugcrowd’s CEO, Dave Gerry, said that there is no denying that AI is “a strong force within the hacking community,” going beyond the hyperbole and “changing the very strategies hackers are using to find and report vulnerabilities.” This is the vital part of the report for me, for rather than being a doom-scrolling nightmare, the cybersecurity warning is aimed at the threat actors exploiting today’s AI-driven cyberattacks. This report “focuses on highlighting what’s next for the hacking community,” Gerry said, “What trends are we seeing? What unique directions are hackers taking in their security research? How can Bugcrowd customers and the greater cybersecurity community benefit from these shifts?”
Take hardware hacking, something that the Internet of Things has pushed to the forefront of most every hacker across the last decade or more. While you might imagine nothing could be further from the mind of the hardware hacker than large language model AI tools, you’d be very wrong indeed. “Hardware hacking, or the exploitation of vulnerabilities in the physical components of electronic devices, was once considered a specialized field,” says Michael Skelton, vice president of security operations at Bugcrowd, said, “however, the proliferation of inexpensive, vulnerable smart devices has increased interest in hardware hacking among both ethical hackers and cybercriminals.” And now AI is changing the big hunting hacking industry as well. AI algorithms can not only perform complex analyses, discovering minute variations in power consumption and electromagnetic emissions, for example, but they can also uncover behavioral patterns that the human hacker could easily miss.