The vast majority (82%) of ethical hackers now use AI in their workflows, enabling companies to benefit from faster findings, more assessments, broader security coverage and higher quality reporting, according to Bugcrowd.
The bug bounty specialist polled 2000 security researchers worldwide to compile its Inside the Mind of a Hacker report.
It revealed a sharp jump in the share of respondents using AI, up from 64% in 2023. Three-quarters (74%) now believe AI increases the value of their work, virtually unchanged from last year.
The top AI use cases highlighted by respondents in the report were:
- Automating and accelerating repetitive tasks, in order to free up time and scale operations
- Analysis of code “humans don’t want to touch,” like messy JavaScript, unformatted files and large codebases – helping them unearth vulnerabilities in new areas
- As a research assistant that helps them “get unstuck” when presented with unfamiliar technology
For the organizations that work with ethical hackers, these advances mean they get higher quality findings that “focus on what actually needs fixing” – and they get them faster than before.
With AI acting as another team member, hacking teams can be more thorough in their work, without any need to increase budget.
The technology is also empowering hackers to “build custom tools tailored to specific targets, analyze obfuscated code at scale, and test edge cases that would have been too tedious to explore manually,” according to the report. This means more comprehensive security.
AI is also helping researchers to “polish” their reports for better quality submissions, the company claimed.
“Across every industry, from criminal gangs to nation-state actors, attackers are leveraging AI to accelerate their pace and frequency of attacks, increasingly causing defenders to be outmatched like never before,” warned Bugcrowd CEO, Dave Gerry.
“Whether through internal security teams or outsourcing part of their security operations to managed services firms, security teams must quickly ramp up their usage of AI in response to the increased threat environment.”
Read more on ethical hacking: Google Launches AI Bug Bounty with $30,000 Top Reward
The Bugcrowd report also revealed that 72% of hackers believe team collaboration leads to better results, and 61% said they find more critical vulnerabilities when working in teams. Two-fifths of respondents currently hack as part of a team and a further 44% want to do so but haven’t found teammates, it claimed.
“When hackers work in teams, they can improve their skills by learning from each other, combine strengths, expand professional networks, and even earn higher pay,” the report noted.
Who Are Ethical Researchers?
The Bugcrowd report also uncovered some interesting findings about the security research community:
- Most (89%) are between 18 and 34-years-old
- Only 5% identify as women
- A fifth identify as neurodivergent
- Two-thirds hack part time, with nearly half doing it for less than 14 hours a week and over 40% hacking for under 10 hours a week
- After “security research,” the top occupations for ethical hackers are info and web app security, education and training, and architecture and engineering
