Just over half of hackers said in a new poll that generative artificial intelligence can already outperform hackers or will in the next five years, but nearly three-fourths said AI won’t be able to replicate the creativity of human hackers.
Generative AI was a major theme of Bugcrowd’s “Inside the Mind of a Hacker” report for 2023, released Wednesday, and was viewed by 64% of respondents in a positive light, saying it increased the value for ethical hacking and security research.
In the introduction, founder and CTO Casey Ellis wrote that he believes cybersecurity will become less predictable as 91% of hackers responding that generative AI will increase their effectiveness.
The top functions for its use were automating tasks (50%), analyzing data (48%), identifying vulnerabilities (36%), validating findings (35%), and conducting reconnaissance (33%). More than 9 in 10 (94%) said they plan to use AI in the future to help them hack ethically, while 78% said AI will disrupt the way they conduct penetration testing or work on bug bounty programs.
A large majority of hackers (85%) have used generative AI technology in their hacking workflow, with 64% specifically using it in their security research. About one-fifth of respondents (21%) already believe AI outperforms their hacking abilities, while 55% said that they think AI will outperform them within five years. Slightly fewer (45%) said they don’t think AI ever will.
ChatGPT was used overwhelmingly by respondents in their hacking (98%), followed by Google Bard and Bing Chat AI trailing with 40% each.
Besides generative AI, about a quarter of respondents (27%) said that fewer than 10% of companies understand the risk of being breached, and that there have been more vulnerabilities since the start of the COVID-19 pandemic (84%). However, 78% of respondents said it’s getting harder to compromise companies’ attack surfaces.
With 89% responding that ethical hacking is viewed in a positive light, just over half (53%) said hacking has helped them get remote work.
Bugcrowd received over 1,000 respondents from 85 countries for the report. Hackers were most likely to be young men, as a whopping 96% of respondents identified themselves as male, with 57% being between the age of 18-24 and another 28% were between 25-34.