Bugcrowd, a multi-solution crowdsourced cybersecurity platform, has released its annual Inside the Mind of a Hacker report for 2023, which found that 72 percent of hackers believe artificial intelligence (AI) will not replace the creativity of humans in security research and vulnerability management. The report delves into a range of topics, including the impact of AI on security, a peek at what professional hackers look like, and the state of hacking.
Generative AI was a major theme in the report, with more than half of respondents (55 percent) saying it can outperform hackers or will be able to do so within the next five years. However, hackers aren’t worried about being replaced, with nearly three out of four respondents (72 percent) saying generative AI will not be able to replicate the creativity of hackers.
When asked how generative AI is being used, the top functions hackers mentioned were automating tasks (50 percent), analyzing data (48 percent), identifying vulnerabilities (36 percent), validating findings (35 percent), and conducting reconnaissance (33 percent). Nearly two out of three respondents (64 percent) believed generative AI technologies have increased the value of ethical hacking and security research.
The uptick in AI usage among hackers aligns with guidance from the U.S. Department of Defense in 2022 and President Biden’s cybersecurity executive order, EO 14028, where he noted “The value of harnessing AI in cybersecurity applications is becoming increasingly clear … The methods show great promise for swiftly analyzing and correlating patterns across billions of data points to track down a wide variety of cyber threats of the order of seconds.”
Views varied on how many companies understand the true risk of being breached, with 27 percent of respondents saying that less than 10 percent of companies really understand their risk. Another third of respondents (33 percent) said that 10 percent to 25 percent of companies understand their risk, but only 16 percent said that more than half of companies understand their true risk of being breached.
The respondents painted a mixed picture of the global threat landscape, with 84 percent saying there have been more vulnerabilities since the start of the COVID-19 pandemic and 88 percent saying point-in-time security testing is not enough to keep companies secure.
Nevertheless, 78 percent of respondents said that most companies’ attack surfaces are getting harder to compromise, and 89 percent said companies increasingly view ethical hackers in a favorable light.
“With this report, more hackers are stepping out from the shadows of their stereotypes to tell real stories and redefine what hacking looks like as a career path,” said Dave Gerry, CEO of Bugcrowd. “As global enterprise AI adoption reaches critical mass, Bugcrowd is proud to stand at the coal face of security research, and we are thrilled that more organizations are tapping the diverse skills and expertise of hackers — at just the right time — through our platform.”