{"id":95395,"date":"2023-07-12T08:00:00","date_gmt":"2023-07-12T08:00:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=95395"},"modified":"2023-07-12T08:00:00","modified_gmt":"2023-07-12T08:00:00","slug":"hackers-we-wont-let-artificial-intelligence-get-the-better-of-us","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95395","title":{"rendered":"Hackers: We won\u2019t let artificial intelligence get the better of us"},"content":{"rendered":"
<\/div>\n

Artificial intelligence<\/a> (AI) doesn\u2019t stand a chance of being able to replicate the human creativity needed to become an ethical hacker<\/a>, but it will disrupt how hackers conduct penetration testing and work on bug bounty programmes, and is already increasing the value of hacking to organisations that are prepared to engage with the hacking community rather than dismiss it outright.<\/p>\n

This is according to the hackers who contributed to the latest edition of Inside the mind of a hacker <\/i>(ITMOAH)<\/em>, an annual report from crowdsourced penetration testing firm Bugcrowd<\/a>, which sets out to offer an in-depth look at how hackers think and function, and why they do the things they do. This year unsurprisingly leans into AI in a big way.<\/p>\n

When it came to the existential questions around whether or not AI could outperform the average hacker or render them irrelevant, 21% of respondents said AI was already outperforming them, and a third said it will be able to do so given another five years or so.<\/p>\n

The vast majority, 78%, said AI would disrupt how they work on penetration testing or bug bounty programmes some time between now and 2028, with 40% saying it has already changed the way people hack, and 91% of hackers saying generative AI either has already, or will in future, increase the value of their work.<\/p>\n

Outperforming a human doing repetitive, sometimes monotonous, work such as data analysis is one thing, but hacking as a vocation also encourages creativity of thought, and it is here that the community seems to feel humans will continue to have an edge, with 72% saying they did not think AI will ever be able to replicate these qualities.<\/p>\n

\u201cI\u2019ve done a fair amount with AI, and as impressive as it is, I don\u2019t think it will be replacing humans for quite some time, if ever,\u201d said one respondent, a 20-year cyber security veteran who hacks on the Bugcrowd platform using the handle Nerdwell.<\/p>\n

\u201cAI is very good at what it does \u2013 pattern recognition and applying well-known solutions to well-known problems,\u201d he said. \u201cHumans are biologically designed to seek out novelty and curiosity. Our brains are literally wired to be creative and find novel solutions to novel problems.\u201d<\/p>\n

\n

<\/i>Bugs and issues<\/h3>\n

Another Bugcrowd hacker, who goes by the handle OrwaGodfather, added: \u201cAI is great, but it will not replace me. There are some bugs and issues, just like any other technology.<\/p>\n

\u201cIt can have an effect on my place in hacking, though. For example, automation has huge potential to help hackers,\u201d said OrwaGodfather, who started hacking in 2020 and when away from his keyboard works as a professional chef.<\/p>\n

\u201cIt can make things easier and save time,\u201d he said. \u201cIf I find a bug when performing a pen test and I don\u2019t want to spend 30 minutes writing a report, I can start by using AI to write descriptions for me. AI makes hacking faster.\u201d<\/p>\n<\/section>\n

\n

<\/i>How are hackers using AI?<\/h3>\n

Whatever their gut feelings may be, Bugcrowd\u2019s hackers are scrambling aboard the AI train, with 85% saying they had played around with generative AI technology, and 64% already incorporating it into their security workflows in some way \u2013 a further 30% said they planned to do this in the future.<\/p>\n

Hackers who have adopted or who plan to adopt generative AI are most inclined to use Open AI\u2019s ChatGPT<\/a> (a Bugcrowd customer) \u2013 cited by 98% of respondents \u2013 with Google\u2019s Bard and Microsoft\u2019s Bing Chat AI at 40%.<\/p>\n

Those that have taken the plunge are using generative AI technology in a wide variety of ways, with the most commonly used functions being text summarisation or generation, code generation, search enhancement, chatbots, image generation, data design, collection or summarisation, and machine learning.<\/p>\n

Within security research workflows specifically, hackers said they found generative AI most useful to automate tasks, analyse data, and identify and validate vulnerabilities. Less widely used applications included conducting reconnaissance, categorising threats, detecting anomalies, prioritising risk and building training models.<\/p>\n

Many hackers who are not native English speakers or not fluent in English are also using services such as ChatGPT to translate or write reports and bug submissions, and fuel more collaboration across national borders.<\/p>\n<\/section>\n

\n

<\/i>What is a hacker?<\/h3>\n

Over the past decade, Bugcrowd\u2019s annual report has also served a secondary purpose, that of helping to humanise the hacking community and disrupt negative and unhelpful stereotypes of what a hacker actually is.<\/p>\n

This is particularly important given that, in spite of years of pushback and attempts to educate, many people who should know better readily and intentionally conflate the term hacker with the term cyber criminal.<\/p>\n

\u201cWe\u2019ve taken on the responsibility of helping the market understand what a hacker actually is,\u201d Casey Ellis, Bugcrowd founder, chief technology officer and report co-author told Computer Weekly at the recent Infosecurity Europe cyber trade fair<\/a>.<\/p>\n

\u201cI think when we started, everyone assumed it was a bad thing,\u201d he said. \u201cSome 10 years on, we\u2019re now at a point where people understand that hacking is actually a skill set. Like most skill sets, it\u2019s dual-use. It\u2019s like lockpicking. If you\u2019ve got that skill, you can become a locksmith, or a burglar. There\u2019s nothing wrong with lockpicking \u2013 it\u2019s how you\u2019re actually using it. Hacking is the same.\u201d<\/p>\n<\/section>\n

\n

<\/i>Are the kids all right?<\/h3>\n

The 2023 ITMOAH<\/em> report shows how some fundamental shifts in hacker culture and demographics look set to shake up the cyber security landscape in the coming years.<\/p>\n

For the first time, the report reveals, the majority of active hackers, between 55% and 60%, are now members of the Generation Z cohort currently in their teens and early 20s, while between 33% and 36% are Millennials aged from their late 20s to early 40s.<\/p>\n

And despite hacking\u2019s cultural roots in the 1980s<\/a>, only 2% are members of Generation X, those born between the mid-1960s and approximately 1980, the youngest of whom are now about 45 years old.<\/p>\n

So, are the stereotypes of teenage hackers actually proving accurate, and more pertinently, are the kids all right? \u201cWe\u2019re seeing a pretty rapid acceleration of participation from people that are under 18,\u201d said Ellis. \u201cIt\u2019s still a very small population, only 6%, but it\u2019s up from 3% year-on-year, which is a big shift.\u201d<\/p>\n

He said this trend will become increasingly relevant because today\u2019s teenagers think about technology in a fundamentally different way to those born even a few short years earlier.<\/p>\n

\u201cI\u2019ve got a 15-year-old daughter and the way she interacts with technology is completely different to me,\u201d said Ellis. \u201cHer introduction to technology was all about the interface \u2013 mine was all about the plumbing. We just think about the internet in a fundamentally different way.<\/p>\n

\u201cNow, I know stuff that she\u2019ll never know because I grew up with the nuts and bolts, but she\u2019ll think about the interface in a way that I probably never will because I\u2019m so consumed with the nuts and bolts.<\/p>\n

\u201cYou talk about Millennials as digital natives, but Gen Z and younger are actually digital natives,\u201d he said. \u201cThey\u2019re able to wander through that environment in an intuitive way that we can\u2019t really understand. I can try to empathise with that, and I can get most of the way there, but I recognise the fact I\u2019ll never fully understand because it\u2019s not my experience.\u201d<\/p>\n

This generation is also proving adept at challenging the mores and assumptions of their elders that have often been built into technology, and Ellis said this gives them an advantage in figuring out what is coming next, and where future vulnerabilities may lie.<\/p>\n

The other part of this trend is that today\u2019s teens are more politically and socially motivated, and more diverse, in ways that older people are not. This factor is already changing the cyber landscape and will certainly continue to do so.<\/p>\n

Take Lapsus$, the teenage-run cyber extortion collective that attacked the systems of ride-sharing service Uber in 2022<\/a> for no particular reason other than they didn\u2019t care for Uber\u2019s ethics<\/a>.<\/p>\n

\u201cOne of the big things that I\u2019ve been saying since Lapssus$ is that as defenders, we\u2019re not ready for a chaotic act,\u201d said Ellis. \u201cWe\u2019ve been thinking about cyber criminals, nation states, threat actors as having a symmetric motivation.<\/p>\n

\u201cA nation state wants to advance the nation, cyber criminals want money. They\u2019re predictable. And there is symmetry in what they\u2019re doing. Folks that come in with more of an activism bent, you don\u2019t really know what they want. And in the case of Lapsus$, it\u2019s like \u2026 we just want to make a mess because those guys suck. How do you defend against that? We haven\u2019t really been thinking in that way since Lulzsec<\/a>, which was probably the last example of a group that did that.\u201d<\/p>\n

Of course, the teens on Bugcrowd\u2019s platform are not attacking organisations in the same sense as Lapssus$ did, but in its story there is a lesson for the hacking community, and the defenders, and clearly the potential to channel activity that might otherwise be expended on malicious acts into legitimate security work is immense.<\/p>\n

The full report, which can be downloaded to read in full from Bugcrowd<\/a>, contains a wealth of additional insight into hacker demographics \u2013 the gender gap is increasing, likely due to the extra pressure the Covid-19 pandemic put on many women \u2013 motivations to hack, what hackers think ordinary security teams need to do better, and more besides.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

Artificial intelligence (AI) doesn\u2019t stand a chance of being able to replicate the human creativity needed to become an ethical hacker, but it will disrupt how hackers conduct penetration testing and work on bug bounty programmes, and is already increasing the value of hacking to organisations that are prepared to engage with the hacking community […]<\/p>\n","protected":false},"author":1,"featured_media":95396,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-95395","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95395"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95395\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95396"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}