Virtualization Technology News and Information
Hacker-Powered Security Report: Firms Turn to Human Intelligence Amid Rising AI Threats

HackerOne published its eighth annual 2024 Hacker-Powered Security Report, which proves that in the last 12 months the security researcher community has further matured its skill sets to meet customer demand. Nearly 10% of security researchers now specialize in AI technology, as 48% of security leaders consider AI to be one of the greatest risks to their organizations.

HackerOne's Hacker-Powered Security Report combines perspectives from the researcher community, customers, and security leaders with insights from the world's largest database of vulnerabilities. The report explores how security-focused organizations integrate human expertise with technology and AI for a defense-in-depth strategy. The report highlights: 

  • AI is a threat and an opportunity: More than two-thirds (68%) of security professionals said an external and unbiased review of AI implementations is the most effective way to mitigate AI safety and security risks overall. There has been a 171% increase in AI assets in scope on the HackerOne platform, with 55% of all AI vulnerabilities reported being AI safety issues.
  • Cross-site scripting (XSS) and misconfigurations remain the most-reported weaknesses: Pentests and bug bounties also continue to be the top engagements identifying these issues. Pentests uncover more systemic or architectural vulnerabilities like misconfigurations. In bug bounties, security researchers focus on real-world attack vectors, user-level issues, and business logic flaws, with XSS as the most commonly discovered weakness.
  • Technologically advanced industries are more likely to reduce common vulnerabilities during development compared to other industries: Security-mature and tech-focused industries like online services, retail, and e-commerce are actively reducing common vulnerabilities as opposed to more traditional industries. Web3 companies also have 65% fewer reports for XSS than the industry average. 
  • Crypto bounties continue to raise the bar: Crypto and blockchain organizations continue to pay well above the average for vulnerabilities, with bounties in the 95th percentile reaching $1 million. Internet and online services, retail and e-commerce, and computer software offer the next highest average payouts.
  • Income and education opportunities are top motivators for researchers: While security researchers predominantly hack to improve their income potential (77%), the opportunity to learn new skills and further their abilities motivates many (64%).

The Hacker-Powered Security Report is based on data from HackerOne's vulnerability database and includes insights from HackerOne customers, a panel of 500 global security leaders, and more than 2,000 hackers on the platform. It was compiled between June 2023 and August 2024.

Published Thursday, November 07, 2024 1:25 PM by David Marshall