According to HackerOne, 10% of security researchers now specialize in AI technology, as 48% of security leaders consider AI.
The HackerOne report combines the perspectives of the researcher community, customers and security leaders. It explores how security-focused organizations integrate human expertise with technology and AI for a defense-in-depth strategy.
AI is a threat and an opportunity
67% of security professionals said that an external, impartial review of AI implementations is the most effective way to mitigate AI safety and security risk overall.
AI assets in scope on the HackerOne platform increased by 171%, with 55% of all reported AI vulnerabilities being AI safety issues. AI safety issues often have a lower barrier to entry for valid reports and a different risk profile compared to traditional security vulnerabilities.
The lower barrier to entry for AI safety reports means that bounties for these reports are slightly lower, with an average payout of $401, compared to $689 for AI security programs. Although AI safety vulnerabilities are currently in scope for only a limited number of programs, the volume of reports is significantly higher, which makes AI safety one of the top five reported vulnerability types.
64% of respondents think that GenAI will have a major impact on their organization, and 62% are confident in their ability to secure its use. In addition, 70% believe that AI legislation will help improve safety and security.
However, 51% are concerned about the reputational risks linked to AI, and a further 51% stress that basic security practices are being neglected in order to implement GenAI.
AI and automation are powerful efficiency tools, saving organizations an average of $2.2 million per breach by helping to detect and contain breaches faster, which reduces their overall impact. Companies without AI and automation face longer response times and higher breach costs.
Crypto bounties continue to raise the bar
Pentests and bug bounties also continue to be the main engagements identifying these problems. Pentests reveal more systemic or architectural vulnerabilities such as misconfigurations. For bug bounty, security researchers focus on active real-world attacks, user issues and business logic flaws, with XSS as the most common weakness.
Mature, security-focused industries such as online services, retail and e-commerce are actively reducing common vulnerabilities, in contrast to more traditional industries. Web3 companies also receive 65% fewer XSS reports than the industry average.
Crypto and blockchain organizations continue to pay well above average for vulnerabilities, with bounties at the 95th percentile reaching $1 million. Internet and online services, retail and e-commerce, and computer software offer the highest average payouts.
A larger share of the security researcher community is choosing the flexibility of a full-time career, and security researchers are spending more hours developing their skills. 30% now hack full time, compared to 24% in 2023, and 44% spend more than 20 hours per week, up from 35% the previous year.
While security researchers hack mainly to improve their earning potential (77%), the opportunity to learn new skills and advance their capabilities motivates many (64%).
Organizations are now calling on the community to test a wider range of products and technologies. 56% of researchers also specialize in APIs, while almost 10% now focus on AI and large language models (LLMs).
“Even the most sophisticated automation cannot match the ingenuity of human intelligence,” said Chris Evans, CISO and Chief Hacking Officer at HackerOne. “The 2024 Hacker-Powered Security Report proves how essential human expertise is to meeting the unique challenges posed by AI and other emerging technologies. The report also provides guidance on building productive relationships between organizations and security researchers, so that the newest and most elusive vulnerabilities can be found and fixed effectively.”