Bugcrowd’s Inside the Mind of a Hacker 2024 report surveyed 1,300 ethical hackers from 85 countries, including the United States, India, Australia, Bangladesh, Vietnam, Pakistan, Egypt, Nepal, Nigeria, and the United Kingdom. The report found that 82% of respondents think the AI threat landscape is changing too quickly to be sufficiently secured. Furthermore, 93% believe AI tools used by companies have opened up a new attack vector for malicious actors to exploit.
“This report reinforces what we have stated this past year — AI is game-changing for business and organizations, however, it is also a productivity breakthrough for hackers to attack at scale at near zero cost,” says Patrick Harr, CEO at SlashNext Email Security+. “AI-assisted attacks are now commonplace in BEC, phishing and social engineering. We anticipate that it will become more prevalent in Malware and Large Language Model (LLM) poisoning and model injection. We are at the dawn of next level, AI-assisted attacks which will continue to accelerate due to the profit motives highlighted in this latest study by Bugcrowd.”
How AI is transforming hacking
71% of hackers believe AI has enhanced the value of hacking in 2024, with 86% stating it has fundamentally altered their approach to hacking.
“AI is transforming hacking, however, the future of cybersecurity depends on combining AI tools with human expertise,” Jason Soroko, Senior Fellow at Sectigo, states. “Hackers increasingly view AI as a game-changer, with 71% in 2024 believing it enhances hacking, up from 21% in 2023. AI accelerates both offensive and defensive strategies, but human insight remains crucial. Only 22% think AI outperforms humans, and fewer believe it matches human creativity. While AI offers automation and scale, humans still uncover the most complex vulnerabilities. With 83% of hardware hackers confident in breaching AI-powered devices, the AI-hardware intersection widens the attack surface. Yet, human-driven hacking remains vital, reaffirming the essential role of ethical hackers in defending against evolving threats.”
Ethics in the hacking community
“The finding that stands out to me is ‘87% believe that reporting a critical vulnerability is more important than making money off of it,’” comments John Bambenek, President at Bambenek Consulting. “What this tells me is that among the hacking community there is a strong sense of ethics that it’s more important to protect society than it is to make money. That bodes well because these skill sets are in big demand from less-than-human-rights-respecting regimes who would use these vulnerabilities to do real-world harm. In a global market where technology companies create tools and then leave it to their customers to secure themselves, it’s important that there is a class of people working to help make technology safe.”
The impact of AI on cybersecurity
“AI can already positively impact the cybersecurity field way beyond the simple automation of tasks. From intelligent response automation to behavioral analysis, and prioritization of vulnerability remediation, AI is already adding value within the cybersecurity field,” Piyush Pandey, CEO at Pathlock, says. “As AI automates more tasks in cybersecurity, the role of cybersecurity professionals will evolve, as opposed to becoming a commodity. Talented cybersecurity pros with a growth mindset will become increasingly valuable as they provide the practical insights to guide AI’s deployment internally.
“With the increase in regulatory and security requirements, GRC data volumes continue to grow at what will eventually be an unmanageable rate. Because of this, AI and ML will increasingly be used to identify real-time trends, automate compliance processes, and predict risks.
“Continuous, automated monitoring of compliance posture using AI can, and will, drastically reduce manual efforts and errors. More granular, sophisticated risk assessments will be available via ML algorithms, which can process vast amounts of data to identify subtle risk patterns, offering a more predictive approach to reducing risk and financial losses.”