HackerOne Report Highlights AI's Impact on Cybersecurity


Quick take - The 2024 Hacker-Powered Security Report by HackerOne examines the relationship between artificial intelligence and cybersecurity, revealing insights from security professionals about the risks, vulnerabilities, and evolving practices in the field, including a notable increase in AI-related security issues and the importance of external reviews to mitigate risks.

Fast Facts

  • The 2024 Hacker-Powered Security Report reveals that 10% of security researchers specialize in AI, while 48% of security leaders view AI as a significant risk.
  • A notable 67% of security professionals advocate for external reviews of AI implementations to mitigate associated risks.
  • AI safety issues, which present a lower barrier to entry for valid reporting than traditional security vulnerabilities, account for 55% of reported AI vulnerabilities.
  • The report highlights a 171% increase in AI assets on the HackerOne platform, with average bounty payouts for AI safety reports at $401, compared to $689 for AI security programs.
  • 64% of respondents believe Generative AI will significantly impact their organizations, yet 51% express concerns about reputational risks and overlooked security practices in its implementation.

The 2024 Hacker-Powered Security Report

The 2024 Hacker-Powered Security Report by HackerOne provides critical insights into the intersection of artificial intelligence (AI) and cybersecurity. The report draws from the perspectives of researchers, customers, and security leaders.

Key Findings

  • AI Specialization and Risks: The report reveals that 10% of security researchers specialize in AI technology. Meanwhile, 48% of security leaders perceive AI as a significant risk to their organizations. This concern is highlighted by the finding that 67% of security professionals advocate for external and unbiased reviews of AI implementations, seen as the most effective strategy to mitigate safety and security risks associated with AI.

  • Increase in AI Vulnerabilities: The report details a 171% increase in AI assets within the HackerOne platform. Of the reported AI vulnerabilities, 55% are classified as AI safety issues, which present a lower barrier to entry for valid reporting compared to traditional security vulnerabilities. AI safety has become one of the top five reported vulnerabilities, reflecting a growing focus on this area.

  • Financial Implications: The average bounty payout for AI safety reports is $401, compared to $689 for AI security programs. Additionally, 64% of respondents believe that Generative AI (GenAI) will significantly impact their organizations, with 62% expressing confidence in securing the use of GenAI. However, 51% are concerned about reputational risks tied to AI implementations.

The report raises alarms about basic security practices being overlooked in the rush to implement GenAI, a trend that another 51% of respondents point to. AI and automation are reported to save organizations an average of $2.2 million per breach by improving detection and containment. Organizations lacking these tools face longer response times and elevated costs associated with security breaches.

HackerOne’s data highlights the predominant methods for identifying security issues. Penetration tests (pentests) typically uncover systemic vulnerabilities, while bug bounty programs reveal real-world attack vectors, including user-level issues and business logic flaws. Cross-site scripting (XSS) remains the most frequently discovered weakness, with Web3 companies reporting 65% fewer XSS vulnerabilities compared to the industry average.

Evolving Landscape of Security Research

The report notes a shift in the security research landscape, with 30% of security researchers currently engaged in hacking full-time, an increase from 24% in 2023. Additionally, 44% of researchers dedicate over 20 hours a week to hacking, up from 35% the previous year. Motivations for hacking are largely financial, with 77% of researchers indicating that income potential drives their efforts, while 64% are motivated by the opportunity to learn new skills.

Organizations are increasingly asking the security community to assess a broader range of products and technologies, with 56% of researchers specializing in APIs and nearly 10% focusing on AI and large language models (LLMs). Chris Evans, HackerOne’s CISO and Chief Hacking Officer, emphasized the importance of human expertise in addressing the challenges posed by AI and emerging technologies. The report provides guidance on fostering productive relationships between organizations and security researchers, which is crucial for effectively identifying and resolving vulnerabilities in an evolving digital landscape.

Original Source: Read the Full Article Here
