HackerOne: Ethical Hackers, GenAI, and the Path to a Safer Digital Future in 2024

HackerOne experts Alex Rice, Michiel Prins, and Chris Evans, provide insights into the evolving landscape of cybersecurity and what the industry should expect in 2024. They emphasize the critical role of human oversight in the era of generative artificial intelligence (GenAI), caution against rushed implementations, and highlight the growing importance of ethical hackers in securing emerging technologies. Additionally, they underscore how ethical hacking is democratizing cybersecurity talent and fostering a diverse, creative workforce ready to tackle the challenges posed by GenAI.

Alex Rice, Co-Founder & CTO, HackerOne

Over the next year, we’ll see many overly optimistic companies place too much trust in generative AI's (GenAI) capabilities —cy but we can’t forget security basics. Nearly half of our ethical hacker community (43%) believes GenAI will cause an increase in vulnerabilities within code for organizations. It's essential to recognize the indispensable role human oversight plays in GenAI security as this technology evolves.   

The largest threat GenAI poses to organizations is in their own rushed implementation of the technology to keep up with competition. GenAI holds immense potential to supercharge productivity, but if you forget basic security hygiene during implementation, you’re opening yourself up to significant cybersecurity risk.   

Low code tools built on GenAI also threaten the security of software development lifecycles. GenAI empowers people without the proper technical foundations to produce technical products. If you don’t fully understand the code you’re producing, that’s a huge problem.  

The best solution I see to ensure the safe implementation of GenAI is to strike a balance: organizations must remain measured and conservative in their adoption and application of AI. For now, AI is the copilot and humans remain irreplaceable in the cybersecurity equation.  

Michiel Prins, Co-founder, Product, HackerOne  

As the adoption of generative artificial intelligence (GenAI) accelerates, organizations have realized they must prioritize security and risk management as they build and implement this emerging technology. The work we’re already doing with customers, including leading AI companies, proves the value hackers deliver to secure GenAI. Red teaming and the insights hackers offer will play an increasingly central role in ensuring the security of this new technology — as exemplified by the Biden Administration’s endorsement of red teaming in its recent executive order.  

 While we’re seeing more external support for ethical hacking, the value they offer isn’t new; ethical hackers are consistently first to pressure test emerging technology. Their creative, adversarial, and community-minded approach gives them a distinct advantage in understanding novel security issues. In fact, they’ve already played a part in defining GenAI risks: HackerOne and a number of hackers contributed to the development of the OWASP Top 10 Vulnerabilities for LLMs.   

 Our 2023 Hacker-Powered Security Report found more than half of hackers expect GenAI tools to become a major target for them — and we can assume malicious actors are planning the same. As AI continues to shape our future, and new emerging technologies crop up, the ethical hacker community will remain at the forefront of identifying new risks. 

Chris Evans, CISO and Chief Hacking Officer, HackerOne  

As we look toward 2024, one thing is clear: a pipeline of diverse talent into the cybersecurity workforce remains a significant industry problem. However, there is hope to meet this challenge.  

The growing popularity of ethical hacking, particularly among younger generations, has democratized how anyone with a computer, technical ability, and creativity can earn money and experience to jumpstart a cybersecurity career.   

Hackers also recognize this opportunity. Our own Hacker-Powered Security Report found more than three-quarters (78%) of hackers on the HackerOne platform hack to learn and advance their careers. We’ve heard countless stories of those in the ethical hacker community who started hacking in high school and recently found their calling—and a career—through hacking. Hacking experience helps these individuals evolve into in-house penetration testers or bug bounty program managers, where their frontline experience provides invaluable insights. Ethical hacking is creating a diverse, skilled, and creative workforce capable of viewing cybersecurity challenges from multiple perspectives.  

  These fresh perspectives become even more essential when considering how Generative AI adds to the requisite skills teams must hold to protect organizations. Hackers have proven their ability to address and identify GenAI risks: HackerOne and a number of hackers contributed to the development of the OWASP Top 10 Vulnerabilities for LLMs. More than half of hackers within our community also plan for GenAI to be a main target and to specialize in hacking the OWASP Top 10 for LLMs. The lower barrier to entry for individuals interested in this field builds an inclusive path toward the security experts of tomorrow and a safer internet for everyone.