HackerOne has just released its seventh-annual Hacker-Powered Security Report, based on data from its vulnerability database, views from HackerOne customers and more than 2,000 hackers on the platform. The goal in benchmarking hackers is to gain insight into their perspective on the cybersecurity landscape, the evolution of risk, and what motivates them to help.
Top Level Findings
Notably, HackerOne’s ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform. Crypto and blockchain organizations continue to see strong program engagement — offering the highest average overall rewards for hackers and awarding the year’s top payout of $100,050. Customers also expanded how they use hackers outside of traditional bug bounty, as pentesting engagements increased by 54% on the platform in 2023.
GenAI and Hackers
The latest data reveals that hackers are finding new ways to up their income by diversifying their skill sets to keep up with emerging technology.
At the heart of every hacker is intellectual curiosity, and we witnessed it again in their plans for GenAI. More than half (55%) of hackers plan for Generative AI (GenAI) to become a top target in the coming years, and 61% of hackers said they will use and develop hacking tools from GenAI to find more vulnerabilities. Another 62% plan to specialize in the OWASP Top 10 for Large Language Models. Hackers also said they plan to use GenAI to write better reports (66%) or code (53%) and reduce language barriers (33%).
This aligns with enterprise progress in GenAI adoption. Organizations are under pressure to adopt GenAI to stay ahead of competitors, which, in turn, is transforming the threat landscape. If you want to remain proactive about new threats, you need to learn from the experts in the trenches: hackers. The versatility of hackers and the impact of the vulnerabilities they surface make them instrumental to how HackerOne customers anticipate and address risk.
How Hackers Can Benefit Organizations
In the report, hackers reported insufficient in-house talent and expertise as the top challenge for organizations, and hackers are filling this gap: 70% of customers stated hacker efforts have helped them avoid a significant cyber incident.
Hackers provide an array of other benefits, backed up by this year’s data:
- Fifty-seven percent of HackerOne customers believe exploited vulnerabilities are the greatest threat to their organizations, over phishing (22%), insider threats (12%), and nation-state actors (10%).
- Customers are getting faster at fixing vulnerabilities, as the average platform-wide remediation time dropped 10 days in 2023. Automotive, media and entertainment, and government verticals saw the biggest decrease in time to remediation with an over 50% improvement.
- Organizations are reducing costs by embracing human-centered security testing earlier in their software development lifecycles, with customers saving an estimated $18,000 from security experts reviewing their code before release.
The 7th annual Hacker-Powered Security Report makes it clear that the use cases for ethical hacking will continue to expand and diversify – from securing GenAI applications to finding bugs even earlier in the SDLC. Organizations that partner with this innovative community benefit from the cutting-edge research and techniques that hackers with their outsider mindset add to the organization’s talent pool. To read the report, visit https://www.hackerone.com/reports/7th-annual-hacker-powered-security-report.