Artificial intelligence (AI) has been a hot topic in recent years, as rapidly evolving technological capabilities have been increasingly adopted for both business and personal use. This trend has included the use of AI for a variety of cybersecurity purposes, as well as for cybercriminal tactics.
In the most recent annual installment of their Inside the Mind of a Hacker (ITMOAH) report, crowdsourced cybersecurity firm Bugcrowd explores the state of the ethical hacking community, including the impact of the AI boom, based on input from almost 1,300 hackers.
The Growing Impact of AI on Hacking
According to the 2024 ITMOAH report, “AI is the new normal.” The growing popularity of AI has transformed the hacking landscape: 71% of hackers say that AI has increased the value of hacking, whereas in 2023, the proportion was only 21%. Beyond the use of AI as a tool, however, a staggering 93% of hackers see it as a new attack vector. The technological advances in AI have become a double-edged sword, providing both a tool and a target for hackers.
AI as a Powerful Tool for Hackers
The use of AI can help hackers improve the speed and accuracy of their work, enabling them to seek out vulnerabilities more effectively and more efficiently. More than three-quarters (77%) of hackers use AI as a tool in their work, and 86% say that AI has changed their approach to hacking.
AI-enhanced tools can benefit hackers by automating some of the difficult and time-consuming processes involved in hacking, including vulnerability scanning and patching, network traffic analysis, and threat detection. Furthermore, “AI can already positively impact the cybersecurity field way beyond the simple automation of tasks,” says Piyush Pandey, CEO at Pathlock, “from intelligent response automation to behavioral analysis and prioritization of vulnerability remediation.” With tools to carry out in-depth analyses and security scans automatically, hackers can dedicate more of their own time and expertise to the parts of the job that require a human touch.
AI’s Vulnerabilities: A Growing Target for Hackers
Unfortunately, with the advantages of AI-empowered tools comes a range of vulnerabilities. Overwhelmingly, AI technology and tools are developing too rapidly for security measures to keep up; 82% of hackers say that AI is evolving too quickly to be adequately secured.
Organizations using AI tools have become prime targets for threat actors looking for unmitigated vulnerabilities to exploit. One hacker cited in the ITMOAH report stated that they were able to accidentally carry out a remote code execution (RCE) via an AI chatbot misconfiguration. If threat actors were to take advantage of a vulnerability like this, it could endanger organizations’ devices, systems, and data by allowing cybercriminals to execute malicious code.
Hardware Hacking on the Rise
Cybercriminals are increasingly targeting hardware vulnerabilities found in the vast infrastructure required for AI computing. According to the report, 81% of hackers had encountered a hardware vulnerability type in the past year that they hadn’t previously seen. With the increasing availability of hardware tools, cybercriminals are finding them more accessible and targeting them more.
A wide majority of hackers are confident in their ability to breach AI-enhanced devices. “With 83% of hardware hackers confident in breaching AI-powered devices, the AI-hardware intersection widens the attack surface,” according to Jason Soroko, Senior Fellow at Sectigo. The rise of hardware hacking, rather than contradicting the prevalence of AI-related threats, is deeply connected to the evolution of AI technology.
A New Generation of Hackers Embraces AI
Nine out of ten hackers in the ITMOAH report are from younger generations, either millennials or Gen Z. For this new generation; hacking is a viable source of income: 67% are either hacking full-time or attempting to pursue full-time hacking as a career, 61% say that hacking helped them find employment, and 59% dedicate fewer than 14 hours each week to hacking. Many younger people are drawn to hacking as a job because of the flexibility in scheduling and location and the self-directed nature of the work. With the rise of AI-empowered tools, hacking is more accessible than ever, inviting younger generations to try their hand at it.
The Role of Ethical Hackers in Defending Against AI Threats
Ethical hackers have always been crucial to cybersecurity operations, and this is especially true as the evolution of AI has created new attack vectors. These hackers play a critical role in identifying and mitigating the ever-increasing threats putting organizations and individuals at risk. Almost three-fourths (73%) of hackers are confident in their own ability to discover vulnerabilities hidden in AI-enabled systems.
Hackers also work with security teams to strengthen their defenses. By using hacking techniques to seek out vulnerabilities in an organization’s systems, hackers provide insight into where security measures may be falling short and where defenses should be fortified. This enables security teams to reevaluate their tools and methods with the additional perspective that hackers can provide.
Navigating the Future of AI-Driven Cybersecurity
With the quick evolution of AI technology, it is essential for organizations to find a balance between fostering innovation with cutting-edge tools and maintaining secure systems. Extremely new tools are not likely to have adequate security, and advances in AI technology move much faster than cybersecurity measures can adapt. Organizations should take appropriate measures to ensure that any AI tools they use are secured against cyberattacks.
Working with ethical hackers is one of the most direct ways to try to stay ahead of AI-enabled threats. They attempt to find vulnerabilities by taking the approach of a potential attacker; in this way, they can discover risks proactively and alert organizations to mitigate vulnerabilities before threat actors can take advantage of them.
