
AI and white hat hackers

George Gerchow at MongoDB explains why AI makes security researchers crucial to business security strategies

 

As cyber-criminals get more creative, leveraging AI to develop sophisticated attacks, organisations face increasingly complex and frequent threats. Indeed, a 2024 University of Maryland study estimated that hackers attack every 39 seconds. From deepfake video calls to malicious code that targets AI tools, hackers are constantly evolving their tactics.

 

As a result, companies are also getting creative. For example, Virgin Media O2 recently introduced an AI-generated "granny" named Daisy to waste scammers’ time and to protect customers. But even moves like this aren’t enough. It’s vital that organisations fully understand the importance of so-called white hat hackers, who are also known as security researchers. As ethical hackers who can help identify vulnerabilities before they can be exploited, security researchers should be seen as crucial cyber-security partners.

 

Businesses shouldn’t fear security researchers

There’s a misconception that all hacking is inherently dangerous and illegal. Security researchers show how wrong this misconception is—they’re professionals hired to identify weaknesses in systems and software to help organisations improve their security, working within the law and ethical guidelines to hack for good.

 

Unfortunately, cyber-attacks on businesses are not a matter of "if," but "when." So security researchers play a crucial role in helping organisations proactively address vulnerabilities. For example, “bug bounty” programs—in which researchers who discover vulnerabilities can receive rewards, and which are offered through platforms like HackerOne and Bugcrowd—are an effective way of working with ethical hackers to find and squash bugs. By finding and fixing weaknesses before they become critical problems, security researchers help organisations avoid full-blown catastrophes.

 

Hacking effectively and ethically

The idea of working with a hacker might evoke a degree of anxiety, as organisations must balance the benefits of improved cyber-security with potential risks. Organisations must therefore define clear scopes of work when collaborating with security researchers. These agreements outline what can be tested, how it will be tested, and what’s off-limits. By adhering to these agreements, organisations can also ensure compliance with regulations like GDPR and industry-specific standards, keeping their operations legally sound.

 

It is crucial to remember that security researchers—professionals who use their skills for defensive purposes—must operate strictly within the confines of the law. Any deviation from the agreed scope of work risks straying into grey or black hat territory, where activities may be unethical, illegal, or harmful. By working exclusively with ethical hackers who follow established legal frameworks, organisations can strengthen their cyber-security posture while maintaining transparency and compliance. This collaborative-yet-controlled approach to white hat hacking not only minimises risks but also reinforces the organisation’s dedication to ethical and lawful operations.

 

Enter AI 

The rise of AI has been a game-changer for ethical hacking. Just as malicious hackers can use AI to craft sophisticated attacks, security researchers can use it to improve their testing and vulnerability assessments. AI tools can help automate parts of the ethical hacking process, allowing white hats to quickly scan large volumes of network traffic and identify vulnerabilities. 

 

In fact, AI can also simulate complex attack scenarios, allowing organisations and white hats alike to understand how malicious hackers might exploit a system. The use of AI also speeds up tasks like vulnerability scanning and exploitation, freeing security researchers to focus on more complex security challenges.

 

Balancing the risk and opportunity

Of course, we can’t forget the role AI is already playing in malicious cyber-attacks. AI-powered phishing campaigns, for example, use machine learning to create convincing emails and to mimic trusted individuals—like a “CEO” demanding that junior team members sign into external links or make quick purchases. In the same vein, deepfake technology is being used in social engineering scams to further those attacks.

 

Given these threats, organisations must prioritise strategies that address both human and technological vulnerabilities. The involvement of security researchers is the key to conquering this front: by using AI to simulate AI-driven attacks and identify weaknesses in a company’s defences, they allow businesses to stay ahead of ever-advancing cyber-attacks.

 

Embracing ethical hackers

Organisations need to embrace ethical hackers as valuable allies in their cyber-security strategy. It is crucial for their security and success. By identifying vulnerabilities before they are exploited, businesses can stay ahead of potential threats, all the while operating within clear and defined scopes of work that adhere to regulations.

 

AI is an incredibly powerful tool, and its development and sophistication have skyrocketed over just the last couple of years. Because AI isn’t going anywhere, it should be embraced to counter the dangers that AI itself causes; it is a double-edged sword we cannot ignore. Luckily, white hat hackers are in the perfect position to use it to protect businesses ethically.

 


 

George Gerchow is Head of Trust at MongoDB

 

Main image courtesy of iStockPhoto.com and stevanovicigor



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543