- New report shows ongoing need for human intelligence in cybersecurity
- AI continues to dominate the threat landscape
- Higher pay is the biggest motivator for security researchers
A new report from HackerOne has claimed almost half (48%) of security leaders believe AI is one of the most significant threats to their organization, and nearly 10% of researchers now specialize in AI in order to meet growing demand for AI expertise.
The top vulnerability reported to a bug bounty program was Cross-site Scripting (XSS), and for pentest this was misconfiguration emails. Bug bounty programs tend to focus on real-world attack vectors and user-level issues, whilst pentests focus on discovering architectural and systemic weaknesses.
AI is continuing to dominate the conversation and the landscape, with 55% of all reported vulnerabilities being AI safety issues, and a staggering 171% rise in AI assets in scope on the HackerOne platform.
Tech industries do better
The organizations most successful in actively reducing common vulnerabilities were security mature and tech-focused industries like e-commerce and online services. In fact, Web3 companies had 65% fewer reports for XSS than the average.
Motivation for security researchers is primarily financial, with 77% stating potential income as a driving factor, followed closely by the opportunity to learn new skills (64%).
Most respondents (67%) believe unbiased reviews by humans are the most effective tactic in uncovering AI security and safety issues. AI’s tendency for bias means that human intelligence will always be needed in cybersecurity.
“Even the most sophisticated automation can’t match the ingenuity of human intelligence. The 2024 Hacker-Powered Security Report proves how essential human expertise is in addressing the unique challenges posed by AI and other emerging technologies,” said Chris Evans, HackerOne CISO and Chief Hacking Officer.
Humans excel in manual exploitation and reconnaissance, which are two hacking skills which require human creativity, such as spotting unique weaknesses from an outsiders point of view, or uncovering overlooked domains.
You might also like
- Take a look at our pick of the best AI tools around
- Microsoft reveals major Chinese botnet is attacking users across the world
- Check out our choices for best malware removal