AI will outperform the average hacker in five years -- say hackers
The latest 'In the Mind of a Hacker' report from Bugcrowd, which includes responses from 1,000 white hat hackers across 85 countries, finds 55 percent saying that generative AI can already outperform hackers or will be able to do so within the next five years.
But despite this, hackers aren't especially worried about being replaced, with 72 percent saying that generative AI will not be able to replicate the creativity of human hackers.
When asked how generative AI is being used, the top functions that hackers mention are automating tasks (50 percent), analyzing data (48 percent), identifying vulnerabilities (36 percent), validating findings (35 percent), and conducting reconnaissance (33 percent). Nearly two out of three respondents (64 percent) believe that generative AI technologies have actually increased the value of ethical hacking and security research.
"What will happen to the human element with the introduction of mainstream generative AI technologies?" asks Casey Ellis, founder and CTO of Bugcrowd. "There is a lot of speculation out there about the impact generative AI will have on security. I believe that cybersecurity is about to become less predictable. 91 percent of hackers surveyed believe that generative AI will increase their effectiveness, which implies that the adversary is innovating in similar ways. As such, tactics, techniques, and procedures are changing at a faster rate."
Among the report's other findings, most hackers (82 percent) don't hack full time, treating it either as a part-time job, side hustle, or something they are in the process of making a full-time occupation. Only 29 percent describe hacking as their full-time profession.
The motivations for ethical hacking are varied, but the top incentives include personal development (28 percent), financial gain (24 percent), excitement (14 percent), and the challenge (12 percent). Another six percent of respondents say they hack for the greater good, and 87 percent say that reporting a vulnerability is more important than making money from it.
The full report is available on the Bugcrowd site.