Hack 2024


INSIDE THE MIND OF A HACKER 2024

VOLUME 8

Defining “Hacker”

If you were to ask 10 people off the street whether they could distinguish between hackers and cybercriminals, they’d likely be unable to do so.

Merriam-Webster defines a “hacker” as “an expert at programming and solving problems with a computer.” While “hacker” is the predominant self-descriptor used by the cybersecurity community (with even some CISOs we know adopting the moniker), this benevolent term has sadly become synonymous with malice. The bad guys also call themselves hackers, and unfortunately, they get most of the attention.

Here at Bugcrowd (and in this report), we refer to the good guys as hackers. Other terms you may have heard include “ethical hackers,” “white hat hackers,” and “security researchers.”

Table of Contents

Report Highlights
Letter from the Editor

Hacker Demographics
    The Anatomy of a Hacker 2024
    A Day in the Life of a Hacker
    Spotlight • Ads Dawson

Hacking Motivations
    The Heart of Hacking
    Spotlight • Specters
    Hacker Hall of Fame

Hardware Hacking
    The Rise of Hardware Hacking
    Hardware Hacking, Quantified
    Spotlight • Brandon Reynolds

Hackers and AI
    12 Months of AI Innovation: 2024 vs 2023
    The Three T’s of AI Hacking

Conclusion
Content Gallery
Glossary

© 2024 Bugcrowd Inc. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden.

KEY TAKEAWAYS

Report Highlights

This edition of Inside the Mind of a Hacker analyzed almost 1300 survey responses from hackers on the Bugcrowd Platform, in addition to hacker interviews.

81% of hardware hackers found a new vulnerability type in the past year
71% believe AI technologies increase the value of hacking
3/4 identify nonfinancial factors as their main motivators to hack
74% say AI makes hacking more accessible
83% of hardware hackers are confident in hacking AI-powered hardware and software
86% believe AI fundamentally changed their approach to hacking
91% believe there are currently more powerful hacking tools than ever before
77% use AI technologies to hack
90% are Gen-Z or millennials
87% believe that reporting a critical vulnerability is more important than making money off of it
82% believe the AI threat landscape is evolving too fast to adequately secure
92% speak two or more languages

LETTER FROM THE EDITOR

An introduction from our CEO David Gerry

Celebrating hackers is at the core of what we do at Bugcrowd. I’ve witnessed so much change over the past decade when it comes to perceptions of the hacking community.

Years ago, hackers were almost exclusively assumed to be criminals. Now, most security professionals not only understand the difference between threat actors and hackers, but they actually have personal experience with ethical hacking.

This is the eighth year in a row that we’ve published Inside the Mind of a Hacker, and we’ve covered some really compelling subjects over the years. From neurodiversity in the hacking community to the rise of hacking influencer platforms, we’ve examined a broad spectrum of important topics.

Originally, we published Inside the Mind of a Hacker with the goal of breaking through dated hacker stereotypes. As perceptions changed, this report seized the opportunity to do something different; it now focuses on highlighting what’s next for the hacking community. What trends are we seeing? What unique directions are hackers taking in their security research? How can Bugcrowd customers and the greater cybersecurity community benefit from these shifts?

In the last edition, Bugcrowd provided an exclusive first look into how the hacking community is leveraging generative AI as a tool. Owing to its widespread adoption, generative AI was suddenly a topic of conversation everywhere. But we noticed something interesting this year when analyzing the data provided by almost 1300 hacker survey respondents. There is no denying that AI is still top of mind for many, but a surprising trend surfaced: the increasing prominence of hardware hacking.

At first glance, nothing might seem further from the abstract world of AI than the concrete world of hardware hacking. However, consider the infrastructure needed to support the growing demands of AI and complex applications.

In our distributed computing world, it’s easy to forget that the cloud is made of iron.

Internet of Things (IoT) devices are in our homes. Autonomous vehicles are on the streets. Technology is in our pockets and wearable on our wrists. Hardware powers everything, and that hardware needs to be secure.

Beyond the tie-ins between hardware hacking and AI as a target, AI is also seen as a tool. Hardware hackers can use AI for educational purposes, such as when deciding what frequency to try for a fault injection on a device.

I’ve personally had the privilege of attending several Bug Bashes, where I’ve witnessed firsthand expert hardware hackers combining technology with the hands-on ingenuity of humans. They’re taking machines apart, turning them upside down, and breaking them down, all while running automation programs, pulling apart code, and testing gaps in technology. It’s truly the perfect union between innovative technology and human ingenuity, which is something we’re really passionate about at Bugcrowd.

Inside the Mind of a Hacker spotlights the immense power that the hacker community can unlock for our customers.

And we’re just getting started!

HACKER DEMOGRAPHICS

THE ANATOMY OF A HACKER 2024

Personal development is the main hacking motivator for 28%
61% say that hacking helped them get a job
64% hack part-time
58% are 24 years old or younger
83% are confident in hacking AI-powered hardware and software
77% use AI technologies to hack
90% are Gen-Z or millennials
92% speak two or more languages
2/3 encountered a vulnerability type they hadn’t seen before in the past year
72% have a college degree
87% believe that reporting a critical vulnerability is more important than trying to make money from it

A Day in the Life of a Hacker

The world of hacking is as diverse as it is dynamic. Far from being a monolithic group, hackers of today represent a broad spectrum of backgrounds, experiences, and approaches to cybersecurity. From dedicated professionals who've turned their passion into a full-time career to weekend warriors balancing day jobs and bug hunting, these individuals are united by their drive to uncover vulnerabilities and strengthen digital defenses.

In this section, we'll explore the demographics of the hacking community, shedding light on their work habits, educational backgrounds, and the various paths that led them to this field. By understanding who hackers are and how they operate, we gain valuable insights into the human element of cybersecurity—an aspect that's just as crucial as the technology itself.

The Basics

Languages Spoken
    1: 8%
    2-3: 75%
    More than 3: 17%

Gender Differences
    Non-binary: 1%
    Male: 95%
    Female: 4%

Top 10 Countries Where Participating Hackers Live
    India, Egypt, Bangladesh, Nigeria, USA, UK, Pakistan, Vietnam, Nepal, Australia

Average Age
    <18: 2%
    18-24: 56%
    25-34: 32%
    35-44: 7%
    45+: 2%

90% of hackers are Gen-Z or millennials—so demure, so mindful.

Gen-Z didn’t just lay claim to 2024’s “Brat Summer”—they’re also absolutely owning the hacking scene!

Hack Around the Clock

Hours Per Week Devoted To Hacking
    4 or fewer hours: 21%
    5–9 hours: 22%
    10–14 hours: 16%
    15–29 hours: 18%
    30–44 hours: 10%
    +40 hours: 13%

Nearly half of the hackers in our sample spend less than 14 hours a week hacking, with over 40% dedicating less than 10 hours to their craft.

This approach to hacking—more marathon than sprint—allows hackers to keep doing what they love without burning out. It's a reminder that hackers are not obsessive recluses but balanced individuals who approach their craft with the same degree of professionalism as in any other career.

95% of hackers believe they help fill the cybersecurity skills gap. Hackers are crucial in today's digital defense.

The Dual Lives of Hackers

Top 10 Industries Hackers Work In
    01 Hacking and security research
    02 Information and web application security
    03 Architecture and engineering
    04 Education, training, and libraries management
    05 Business and financial operations
    06 Installation, maintenance, and repairs
    07 Office and administrative support
    08 Sales or business development
    09 Arts, design, entertainment, sports, and media
    10 Healthcare practitioners and technicians

While 84% of hackers identify hacking and security research or information and web application security as their primary occupations, a diverse range of professionals moonlight as hackers.

From educators and engineers to healthcare workers and even a few food service workers, these individuals bring a wealth of real-world experience to their hacking endeavors.

It’s not rocket science…but some hackers can do that too!

Plot twist! Only 37% hack full-time. The rest? They're your coworkers, neighbors, and maybe even your barista!

Hack How You Want

Over 75% of hackers prefer probing for software vulnerabilities in their homes, while others prefer hacking in a coffee shop or at a tech meetup.

Employment Status of Hackers
    I hack part-time: 21%
    I'm trying to hack full-time: 30%
    It's just a side hustle or for fun: 12%
    I hack full-time: 37%

Who says you can't make a living finding bugs?

More than a third of hackers have turned their passion into a full-time gig, while another third are aspiring to make hacking their full-time career, showcasing the growing appeal of this field. Whether it's a career, a side hustle, or just for kicks, it seems everyone's got a bit of hacker in them.

Teach Me How to Hack

Hackers have a striking preference for self-directed learning, with 87% of hackers crediting online resources for their skills. This digital-first approach to education reflects the rapidly evolving nature of cybersecurity, where the latest techniques and vulnerabilities are often shared online long before they make it into formal curricula.

But the learning doesn't stop at online tutorials. A remarkable 78% of hackers proudly wear the badge of being self-taught, showcasing a DIY spirit that's deeply ingrained in hacker culture. This self-starter mentality is complemented by peer-to-peer learning, with 35% of hackers citing friends or mentors as key to their educational journeys.

But don’t discount formal education. Almost a third of hackers learned how to hack in school. In general, hackers are a well-educated group. Almost three-quarters boast college degrees or higher, reflecting a level of academic achievement rivaling many traditional professional fields. It's a strong reminder that today's hackers aren't just self-taught techies but often highly educated individuals who blend their academic foundations with practical self-directed learning. Going beyond being a technical skill set, hacking is a field that benefits from diverse knowledge, from both higher education and a scrappy self-directed education.

Average Education Completed by Hackers
    Did not complete high school: 3%
    Graduated from high school: 24%
    Graduated from college: 56%
    Completed graduate school: 17%

How Hackers Learn Skills
    Online resources: 87%
    Friends or mentors: 35%
    Self-study: 78%
    Academic or professional coursework: 29%
    Trial and error: 43%

69% of hackers stay up to date on the latest breaches

HACKER SPOTLIGHT

Meet Ads Dawson

Security Engineer, AI Red Teamer, and Hacker

At Bugcrowd, we talk a lot about the societal misconception that hackers and security professionals are two separate groups when in reality, they are one and the same. Full-time security professionals often hack on the side.

There is no better example of this than Ads Dawson, who has been both a Bugcrowd customer and a hacker on the Bugcrowd Platform. Ads has achieved some amazing accomplishments in his career, including most recently contributing to the Bugcrowd VRT update on AI application vulnerabilities. Read on to learn more about Ads!

A Journey into Building and Breaking

Ads started in the security space with an apprenticeship at an MSP. He did not have an educational background in computer science. Nevertheless, from there, he progressed along the path toward networking and security, network pen testing, application security, and eventually LLM applications and AI security. Ultimately, he has a passion for dissecting concepts down to the essence, which is extremely relevant in hacking and the security space. “I figured that if I already know how to build, manage, and deploy hybrid cloud networks, why not learn how to break them?” Ads says.

Ads has been hacking for about six years, and he’s loving it so far. He’s a self-described “meticulous dude” who cites a dedication to curiosity in every aspect of his life to be a main driver of his hacking success. “I have always challenged and motivated myself to fully comprehend a solution or function at a very detailed level,” Ads shares.

“This has kept me constantly driven to adapt, learn new concepts or technologies, and improve my skills.”

Ads is a self-described “networking nerd at heart,” although he applies a well-oriented full-stack approach to hacking. He is also heavily involved in AI red teaming, which is a particularly new space. He is extremely motivated to constantly improve his machine learning (ML) adversarial capabilities.

“Another cool aspect of hacking that I love is developing and building tools or a script that helps me fix common hacking problems.”

“It is really effective to spend time on enhancing your offensive arsenal for investing in the long run,” Ads says.

Advice for Security Teams

For teams hoping to get more out of their bug bounty programs, Ads shared valuable insights from the hacker perspective. It starts with fostering better relationships with the hacking community.

“Challenge the hacker and always motivate them to dig deeper! If you are denying a submission, it’s important to elaborate why and always be open to the possibility of a decision change. Another thing that goes a long way is spending some time on a cadence to update your program with new features or even notifications about behavior changes,” Ads says.

He also recommends that teams put themselves in a hacker’s shoes. Ask yourself if your scope is clear and concise while providing a clear and valid reporting chain with achievable acceptance criteria. By reviewing your program details from a different lens, you can catch areas where you’re potentially pigeonholing your program.

To wrap up, we asked Ads what he wished security leaders understood about hackers. “Hackers spend a lot of time out of their personal lives working within reasonable disclosures and constraints to secure companies’ attack surfaces. Come to the table with a cooperative spirit and a willingness to achieve mutually fair reasoning,” Ads says. “Embrace the fact that every hacker has unique insights, perspectives, and capabilities to offer. Having a dedicated and motivated hacker finding holes in your ecosystem is incredibly valuable, especially compared to traditional methods of security testing in resource-constrained environments.”

Advice for Hackers

Ads has been on both sides of a bug bounty program. Therefore, his perspective is valuable for hackers looking to improve their skills and earn greater recognition. When it comes to advice for hackers who are engaging with security teams, Ads suggests a well-rounded approach.

“Consider every angle, leave no stone unturned, and always parse information thoroughly. It’s always incredibly easy to skim information, especially when you’re running on fumes. Prioritize yourself when you’re feeling burnt out—taking a walk or going to the gym does magic for your productivity. Lastly, don’t become hard-set on your favorite toolset or setup—always take the opportunity to step outside of your comfort zone,” Ads advises.

Ads also views stepping outside their comfort zones as a great way for hackers to earn more invites to hack on private programs. By involving themselves in the community and ongoing CTF events, hackers can increase their visibility. One way Ads does this is through his involvement in an OWASP chapter, which keeps him in the loop and regularly allows him to challenge himself.

Ads also suggests that hackers document their work (such as writeups) as a great way to show off their experience.

My common tools and resources for

< A solid Linux distro such as Kali >
< Burp Suite (I’m a huge James Kettle fanboy!), including some neat extensions and Bambdas >
< Some good old fashioned cURL and netcat tinkering >
< Spotify (A must to have some good vibes flowing) >
< Bruno (sorry Postman) >
< VSCode and WarpAI Terminal >
< ZAP >
< Metasploit >
< Nuclei >
< NMAP >
< Python and Go >
< Ollama >
< Virtualbox >
< Wireshark >

Image: My hacker working space

HACKING MOTIVATIONS

The Heart of Hacking

Hackers are driven by a mix of personal and altruistic motivations that go far beyond the stereotype of the lone coder seeking a payday. Earning money is certainly a benefit, but hackers love making a difference in the digital world, protecting both individuals and organizations from threats.

The rush of outsmarting cybercriminals? Exhilarating. The satisfaction that comes with strengthening digital defenses? Unmatched. And the real magic happens when individual triumphs become collective victories. In this world, every bug squashed and every vulnerability patched is a win for the entire community.

So while the challenging puzzles and cutting-edge tech are cool, the best part about being a hacker is the opportunity to make the digital world a safer place while getting to do so alongside an awesome community. It's a reminder that in the world of cybersecurity, the whole is greater than the sum of its parts—and that's what makes hacking so cool.

More Than Just a Paycheck

While hackers still consider making money important, they are increasingly being driven by other factors.

Why do you hack?
    For my personal development: 28%
    For financial gain: 18%
    For the excitement: 15%
    For the challenge: 14%
    For the greater good: 11%
    For my livelihood: 8%
    For something to do: 4%
    For reasons I'd rather not share: 3%

What stands out is the mix of motivations—today's hackers aren't one-dimensional. They're professionals who want to earn a living, sure, but they're also passionate about learning, solving problems, and making the internet safer.

Hacking isn't just about the money. It's about personal and professional fulfillment.

87% of hackers agree: Point-in-time security testing isn't enough. Companies need ongoing, continuous security measures to stay protected in today's dynamic digital world.

Unleash the Hacker

Top Hacking Roadblocks
    Not enough private program invites: 45%
    Not enough scope: 26%
    Not enough programs that match my interest: 25%
    Not having the physical technology needed: 20%
    Unresponsive program owners or brands: 19%
    Inadequate incentives: 11%
    No safe harbor: 6%
    None of the above: 15%
    Other: 13%

The hacker community is full of untapped potential waiting to be unleashed. While hackers are eager to dive deeper into their work, they are held back by narrow scopes, mismatched interests, and a lack of required technology.

Limited access to private programs stands out as the top frustration among hackers, with almost half citing a desire for more opportunities. While hackers can continue to build their reputations, companies have the chance to expand their programs or explore new approaches.

The message is clear: Give hackers the room to roam, the tools to tinker, and the challenges to conquer, and watch as they transform the cybersecurity world.

Level up! 91% of hackers say they are now armed with more powerful tools than before.

The Disclosure Dilemma

Have you avoided disclosing a vulnerability because a company lacked a clear pathway for you to report it without risking legal consequences?
    Yes: 52%
    No: 48%

The legal aspect of vulnerability disclosure represents another challenge for hackers. More than half of hackers have held back on reporting disclosures due to unclear reporting pathways. Without a safe harbor, hackers tread a fine line between well-intentioned probes and unauthorized access, turning their exploration into legal trouble.

There’s certainly a path forward. Organizations can potentially double their influx of valuable security information if they can implement clear, hacker-friendly policies.

73% of hackers observed more vulnerabilities than last year. It's dangerous out there!

Top Four Reasons to Be a Hacker

    1 To reduce risk of breach and reputation damage for companies
    2 To earn money
    3 To make the internet safer for consumers
    4 To build relationships and network with the security community

The tides are changing! 89% of hackers believe companies appreciate hackers more than ever before.

58% hack to reduce breach risks for companies. Hackers: The unsung heroes of corporate security!

Hacking Together

How Important Are These?

Legend: Extremely Important, Very Important, Somewhat Important, Not So Important

    Building long-term relationships: 47%, 35%
    Getting constructive feedback: 57%, 32%
    Educating others on security best practices: 54%, 31%

Hacking is evolving beyond solo missions. Today's hackers are active community members working toward the common good. A significant 82% are committed to building lasting relationships with companies and bug bounty program owners, creating a sustained defense.

Knowledge sharing is at the heart of this community, with 85% of hackers dedicated to educating others. This "rising tide lifts all boats" mentality strengthens our collective digital safety.

The spirit of mentorship is strong too. Instead of gatekeeping, hackers are inviting others in, with 81% involved in guiding and working with peers. This commitment to growth extends to their own skills, as 89% actively seek constructive feedback.

Today's hackers are building more than just secure systems—they're creating a dynamic, collaborative community that's redefining cybersecurity. This allows individual expertise to combine with collective effort to create a safer digital landscape.

Hackers are team players! 82% are in it for the long haul, building solid relationships with program owners.

HACKER SPOTLIGHT

Meet Specters

From Experiencing Homelessness to Being a Hardware Hacking Specialist

Meet Neiko—also known as Specters—a skateboarder by day, a punk music enthusiast by night, a full-time skilled hacker in between, and a truly selfless individual who prioritizes giving back to his community on top of it all.

Born in Chicago, Specters stumbled upon hacking during a tumultuous time in his life—when he found himself homeless and searching for a way out.

Hacking to Change Your Life

Specters was experiencing homelessness when he started hacking. “I figured hacking would be good to learn because it seemed like ‘computer people’ made some money,” Specters says.

He was first inspired by old-school phreaks like Mark Abene. He got started in car hacking and malware analysis.

“My first bug bounty was used to pay for my first apartment and quite literally saved me from homelessness.”

As he journeyed into the hacking world, Specters had to learn that not all bugs have an impact. He would remind himself of the importance of stepping back when he didn’t get the result he wanted.

“Bugcrowd truly gave me a shot to prove myself. I had zero credentials or achievements when I started,” Specters shares.

I was homeless, I had just started car hacking, I was literally a nobody. Bugcrowd gave me a chance to change that.

Getting Started with Hardware Hacking

Specters started with car hacking, but he also loved malware analysis. Now, he is passionate about everything related to hardware hacking.

“Hardware hacking is experiencing a huge resurgence right now. To be honest, I think it’s kind of due. There are a ton of embedded devices that are not secure, and a lot of people are realizing that again,” Specters says.

For hackers looking to get into hardware hacking, Specters recommends starting with different Arduino kits. These will help aspiring hackers learn many aspects of hardware hacking. Specters personally bought an IoT clock Arduino kit that had many different protocols and circuits that he had to set up, which he recommends as well. He advises aspiring hackers to analyze hardware using different tools and to seek out resources from the security community to get started.

Finally, whether you’re passionate about hardware or other specializations, Specters’ advice for new hackers is, “hack for fun, not for profit.”

Paying It Forward

Specters is extremely passionate about paying his success forward and expanding diversity in the hacking community. “I think something that bothers me is the lack of Hispanic representation in hacking,” Specters says.

“Identity has always been a difficult issue for me. I am talking to so many different communities now and so many people who had similar experiences, and just making friends has really helped me, so I want to pay that forward.”

Specters does presentations for Latinx groups, introducing them to computers and hacking. He also mentors people who are seeking guidance, providing them with instruction and materials to get them started.

He recommends supporting Hack the Hood and Boards 4 Bros, which are two organizations that are very personal to him.

“Their efforts go toward neighborhoods like the one I grew up in, and they help kids like me.”

Image: Specters' hacking space

HACKER HALL OF FAME

We asked 1300 hackers who inspired them most as security professionals. Here are some of the most popular responses. These hackers inspired a generation, and they all happen to be part of the Bugcrowd Crowd!

OrwaGodfather
    #1 top Bugcrowd hacker
    Top 3 P1 hacker on Bugcrowd
    Two-time LevelUpX champion

BusesCanFly
    Self-taught hardware hacker
    100% accuracy on Bugcrowd
    8x Bug Bash competitor

Nagli
    Earned over $1 million in bug bounties
    Winner of Indeed’s 2022 Bug Bash

InsiderPhD
    Has 80k subscribers on YouTube
    Has a PhD in Defense and Security

Jhaddix
    Multiple time DEF CON and BlackHat speaker
    Pioneered a world-renowned recon methodology

Iceman
    Knows more than 8 programming languages
    Created Proxmark3 RDV4 with RRG

Codingo
    Previous top 10 hacker on Bugcrowd
    Co-founder of Subfinder

Farah Hawa
    Cybersecurity content creator and influencer
    Bug triage professional

TodayIsNew
    Almost a decade hacking
    1st place in total points from Bugcrowd Bug Bounty Engagements

Rachel Tobac
    3x DEF CON 2nd place winner in the Social Engineering Competition
    CEO of SocialProof Security

Zwink
    Bugcrowd all-time top 10 hacker for P1/P2 vulnerabilities
    Hunts broken access control vulnerabilities

rez0
    One of Yahoo’s top 10 bug bounty program hackers
    Speaker at the AI Village at DEF CON

HARDWARE HACKING

Hardware hacking was once considered a niche pursuit. Today, it’s experiencing a dramatic acceleration.

Given the increase in cheaply made and often unnecessarily complex smart devices on the market and the advancements in tools for hacking, the conditions are ripe for hardware hacking. Unfortunately, this also means that the conditions are perfect for threat actors who target hardware, threatening consumers, companies, and governments.

There's a tendency to oversimplify hardware hacking—people assume that physical access makes hacking easy or, conversely, that remote attacks are impossible. Hardware hacking is far more complex than both these scenarios, and these misconceptions are harmful because threat actors will exploit every hardware vulnerability they can find.

THE RISE OF HARDWARE HACKING

Hardware Hacking 101

At its core, hardware hacking exploits vulnerabilities in the physical components of electronic devices rather than just in their software.

It involves the unauthorized manipulation or modification of a device's hardware to bypass security measures, gain unauthorized access, or alter a device’s intended functionality. The goal of hardware hacking is often to circumvent protections, steal data, or gain control of a device in ways its designers didn’t intend. Software security, no matter how sophisticated, is practically useless if attackers find ways to exploit the physical hardware.

A number of common techniques are used to break into hardware. In side-channel attacks, for example, a threat actor observes a system and monitors it to catch unintentional information leakage, like power consumption or electromagnetic emissions, to recover cryptographic keys or other secret data. Firmware manipulation is a technique to change a device's core programming, opening doors to unauthorized access. Fault injection is a common hardware hacking technique that deliberately introduces errors into a device's operations. By causing precise, temporary malfunctions through means like voltage glitches or clock signal manipulation, threat actors can bypass security measures, skip important instructions, or gain access.

“It’s a myth that hardware hacking requires expensive tools or is more difficult than web development.”

Democratization of Hacking Tools

Many believe that hardware hacking is a prohibitively expensive pursuit that requires specialized equipment or that it's too complex for anyone but advanced technical experts to engage in. These notions are becoming increasingly outdated, as tools are becoming more affordable and resources more accessible. Consider, for example, side-channel attacks. These are becoming increasingly common, as measuring equipment has become more precise and affordable. With these tools, hackers can now capture detailed operational data from live systems. While some extremely expensive tools can certainly make things easier, they're rarely necessary. As with all forms of hacking, creativity and problem-solving go a long way.

Fault injection attacks are also on the rise, in part because of the accessibility of low-cost gadgets. An impressive example of this is when security researcher Lennert Wouters hacked a Starlink satellite dish using a custom-built modchip costing just $25. By physically attaching this device to a stripped-down dish, they launched a fault injection attack that temporarily shorted the system. This anomaly allowed them to effectively bypass Starlink's security measures, granting access to previously locked areas of the system's software.

Not-So-Smart Devices

As our world becomes increasingly interconnected and as more smart devices are connected to the internet, security risks will multiply exponentially as a result. Devices connected to the internet are part of the large global network, and unfortunately, this means they are exposed to potential dangers. Today, the market is flooded with these "smart" devices, from “smart” microwaves to “smart” flip-flops, and many of these prioritize features over security, creating numerous entry points for cyberattacks. A smart device getting hacked can have immediate real-world impact.

For instance, a vulnerability in a smart oven could allow a threat actor to remotely activate the appliance, creating a significant safety risk. This scenario isn't hypothetical; a security flaw in LG's smart home app once made such a smart oven exploit possible.

Hardware security flaws are found beyond kitchen appliances, and the consequences of these vulnerabilities in other smart devices can be even more severe. The medical field is an industry where hardware hacks of smart devices can be extremely dangerous. In 2017, the FDA confirmed serious security flaws in St. Jude Medical's cardiac devices. It revealed that hackers could potentially manipulate pacemakers and defibrillators through their remote monitoring systems, not only compromising patient data but potentially endangering lives. For such industries, the stakes extend far beyond data protection to matters of life and death.

The Power of AI

AI is changing the security industry, and hardware is no exception. First, it’s making tools more powerful. AI significantly enhances the effectiveness of side-channel attacks.

For example, AI algorithms can perform complex analyses, discovering minute variations in power consumption, electromagnetic emissions, or timing data from a device. Additionally, they can identify behavioral patterns that humans might miss. Moreover, AI's ability to quickly process and adapt to complex patterns makes it particularly suited for tackling the intricate timing issues often associated with fault injection techniques. AI can help determine the correct frequency, timing, and intensity of induced faults.

AI can also extend the reach and speed at which a hacker accesses systems—the ability to automate and parallelize attacks enables simultaneous breaches across multiple devices. For instance, an AI can digitally analyze webcams and access vision data that would normally take one person hours to process. Using AI, a threat actor can tap multiple webcams and create reconnaissance targets and large, powerful intelligence networks. In the not-so-distant future, devices may be so interconnected that an AI could hack all sorts of devices with just an internet connection.

AI could also pose a threat to physical security. It could analyze vast amounts of data to create convincing fake identities, complete with realistic credentials and background information. These might create digital IDs or RFID badges, potentially granting access to restricted areas like server rooms or data centers. Once inside, an attacker could compromise systems or install backdoors, leading to data breaches, espionage, or service disruptions.

What Happens Next

Looking to the future of hardware security, we can expect several key developments as AI continues to evolve. AI-driven defense mechanisms will likely emerge, resulting in automated systems for detecting and responding to hardware vulnerabilities. We'll see an increased focus on securing the intersection of hardware and software, recognizing that vulnerabilities often lie in their integration.

While the threat of hardware hacks is significant, this is not a cause for panic but a call for action. The growing community of hardware security experts, now more open to newcomers than ever, stands ready to protect the vast array of devices that our world depends upon.

The security of any system is only as strong as its weakest link. Let's ensure that hardware doesn't become that weak link.
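The fault injection technique described under Hardware Hacking 101 above (a glitch that corrupts a stored value or skips an instruction) looks like this from the firmware defender's side. This is an added example, not code from the Bugcrowd report or from any vendor; the two fault models, the constants and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Naive encoding: 0 = deny, any other value = allow.
 * Hardened encoding: two complementary constants (Hamming distance 32);
 * any other value is treated as evidence of a fault. */
#define HARD_ALLOW 0x3CA5965Au
#define HARD_DENY  0xC35A69A5u
#define STALE_REG  0xFFFFFFFFu   /* assumed leftover register content */

enum decision { DENY = 0, ALLOW = 1, TAMPER = 2 };
struct tally { int total, allowed, detected; };

static enum decision naive_decide(uint32_t verdict)
{
    return verdict != 0 ? ALLOW : DENY;
}

static enum decision hardened_decide(uint32_t verdict)
{
    if (verdict == HARD_ALLOW) return ALLOW;
    if (verdict == HARD_DENY)  return DENY;
    return TAMPER;               /* neither constant: fail closed, raise alarm */
}

/* Fault model 1 (assumed): the glitch flips one or two bits of a stored
 * "deny" verdict. Try every such corruption and tally the outcomes. */
static struct tally flip_campaign(uint32_t deny,
                                  enum decision (*decide)(uint32_t))
{
    struct tally t = {0, 0, 0};
    for (int i = 0; i < 32; i++) {
        for (int j = i; j < 32; j++) {          /* j == i: single-bit flip */
            uint32_t faulted = deny ^ (1u << i);
            if (j != i)
                faulted ^= (1u << j);
            enum decision d = decide(faulted);
            t.total++;
            if (d == ALLOW)  t.allowed++;
            if (d == TAMPER) t.detected++;
        }
    }
    return t;
}

/* Fault model 2 (assumed): the glitch makes the CPU skip exactly one
 * numbered step. skip = -1 means no fault; sig_valid is the true result
 * of verifying the firmware image's signature. */
static enum decision naive_boot(int sig_valid, int skip)
{
    uint32_t verdict = STALE_REG;
    if (skip != 0) verdict = 1;                        /* step 0: optimistic default */
    if (skip != 1 && !sig_valid) verdict = 0;          /* step 1: the only check */
    return naive_decide(verdict);
}

static enum decision hardened_boot(int sig_valid, int skip)
{
    uint32_t verdict = STALE_REG;
    if (skip != 0) verdict = HARD_DENY;                /* step 0: default deny */
    if (skip != 1 && sig_valid) verdict = HARD_ALLOW;  /* step 1: first check */
    if (skip != 2 && !sig_valid) verdict = HARD_DENY;  /* step 2: redundant re-check */
    return hardened_decide(verdict);
}

/* How many single-step skips let an image with a bad signature boot? */
static int skips_that_boot_invalid(enum decision (*boot)(int, int), int steps)
{
    int n = 0;
    for (int s = 0; s < steps; s++)
        if (boot(0, s) == ALLOW)
            n++;
    return n;
}

int main(void)
{
    struct tally n = flip_campaign(0u, naive_decide);
    struct tally h = flip_campaign(HARD_DENY, hardened_decide);
    printf("bit flips  naive:    %d/%d allowed, %d detected\n",
           n.allowed, n.total, n.detected);
    printf("bit flips  hardened: %d/%d allowed, %d detected\n",
           h.allowed, h.total, h.detected);
    printf("step skips naive:    %d/2 boot an invalid image\n",
           skips_that_boot_invalid(naive_boot, 2));
    printf("step skips hardened: %d/3 boot an invalid image\n",
           skips_that_boot_invalid(hardened_boot, 3));
    return 0;
}
```

On real firmware the redundant check also has to survive the optimizer (for example through `volatile` accesses), otherwise the compiler may fold the two checks into one.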

Hardware Hacking, Quantified

Hardware hacking specialist Brandon Reynolds said it best: “IoT has taken the world by storm and has become the true Wild West of our constantly evolving world. Unfortunately, not many understand what is happening underneath the shiny exterior of their new toy. It could be running around all day shouting your WIFI password, and you wouldn’t have a clue unless you knew what to look for!”

It’s hard to buy anything these days without some form of an interconnected functionality. Whether we’re talking about cars or medical devices, the idea of hardware vulnerabilities being exploited is a scary prospect. Luckily, the Bugcrowd Platform partners with hardware hacking specialists, some of whom are spotlighted in this report, to help support organizations’ attempts to secure their hardware and firmware.

Get to Know Hardware Hackers

80% of hardware hackers are self-taught. Many hackers start with tools such as microcontrollers, breadboards, voltmeters, logic analyzers, and packet sniffers.

83% of hardware hackers are confident in hacking AI-powered hardware and software.

1/3 of hackers believe hardware hacking is one of the most valuable specialties.

82% of hardware hackers: non-financial factors are the main motivator to hack. Only 18% of hardware hackers hack for the money. In contrast, 31% hack for personal development, 18% hack for excitement, and 11% hack for the challenge.

Ask a Hacker: Is hardware hacking too expensive to break into?

BusesCanFly: “I think there have been some big advancements and steps to make hardware hacking much more accessible, like less costly tools and plentiful guides and information. While there are absolutely some crazy pricey tools that can make things easier, they’re very rarely necessary. Like with all hacking, creativity and problem-solving go a long way.”
The State of Vulnerable Hardware

81% of hardware hackers encountered a new vulnerability they had never seen before in the past 12 months.

64% of hardware hackers believe there are more vulnerabilities now than there were a year ago.

Top Five Types of Hardware and Firmware Most Vulnerable to AI Attacks According to Hardware Hackers

1 IoT devices
2 Autonomous vehicles
3 Smartphones
4 Medical devices
5 Industrial control systems

Ask a Hacker: What kind of hardware or firmware are most vulnerable to attacks?

Lennert: “Devices that were not designed with security in mind are the most vulnerable to attacks. Other vulnerable hardware includes unnecessarily complex devices and cheap consumer hardware.”

Topy: “Anything IoT/cloud/network-enabled is most vulnerable to attack. The attack surface explodes when it’s network-connected. Very often you’ll find that one device holds the keys to the kingdom and can attack all other devices through some kind of cloud infrastructure.”

Partnering with Hardware Hackers

Ask a Hacker: How important is it to work with hardware hackers?

Brandon Reynolds: “There are some great minds out there who truly understand the potential vulnerabilities that can be found in hardware. But based on my experiences going out into the real world and speaking with the companies developing hardware devices, I find that often, they don’t understand unless someone can handhold them through the process. There are exceptions, but I fear the average internal hardware team is going to be of a much lower caliber than your average hardware-tinkering hacker out there on the Bugcrowd Platform.”

You’ll get to know more through the next article.

67% of hardware hackers didn’t report a vulnerability because there was no clear pathway to do so.

57% of hardware hackers say a responsive team is the most important factor when considering their next engagement.
HACKER SPOTLIGHT

Meet Brandon Reynolds

A Hardware and Embedded/IoT Specialist

Brandon Reynolds is a hardware expert and IoT specialist. He’s been a key participant in multiple Bugcrowd Bug Bashes, and his supportive nature, friendly attitude, and excellent work ethic leave a lasting impression on everyone he meets.

Read on to learn more about how Brandon balances hacking, a security career, and a family in this hacker spotlight!

Brandon’s “Hacking Origin Story”

Brandon grew up in Central Illinois surrounded by cornfields, cornfields, and more cornfields. While this meant that there wasn’t much to do, it did mean that he had a lot of time to dedicate to programming and security.

When he was roughly 14 years old, Brandon wanted to understand how his game consoles and other electronics worked at their most basic levels. Learning to disassemble video games, PC applications, and other software or firmware led him to software development, and eventually, to a full-time focus on cybersecurity.

“If I hadn’t been so interested in how everything worked as a child, I likely wouldn’t have developed the early knowledge required to do all of the unique things I can today.”

When he was around 16 years old, he wrote video game software that was sold at stores like Walmart.
The World of Hardware Hacking

Brandon started hacking in 2020, roughly when the COVID-19 pandemic started. He hacks part-time, mostly late in the evening. He also works as a principal security architect and a CSO.

“In general, finding security bugs was always a big puzzle to me. If it’s built by humans, there’s always mistakes.”

He specializes in embedded development and IoT/hardware hacking. However, to take on these technologies, you also have to have a solid understanding of various other areas (mobile, cloud, etc.), which Brandon has.

“I don’t have a specific methodology I incorporate. I tend to focus on many different pieces of hardware at once. If I get stuck on a particular problem or hurdle, I switch to a separate device altogether,” Brandon says. “This strategy has both pros and cons; it makes it easy to let a project sit for too long or to take much longer than I had hoped when I switch back and remember everything involved in where I had left off.”

In the hardware world, there are so many tools that are not only necessities but also derivatives of one another (like serial/UART adapters). His favorite tool is his Saleae Logic Analyzer.

Hacking Impact

In the three years that Brandon has been hacking, he’s already earned life-changing rewards. The bug bounties he has received paid for nearly his entire wedding and a new car (all from a single program)! “I’ll always be thankful for the rewards I’ve received for helping companies secure their products,” Brandon says.

When asked why he hunts with Bugcrowd, Brandon says, “I’ve gotten to know so many people (both hackers and Bugcrowd employees). They’ve all treated me with respect.”

“Getting to work with others who are certainly more skilled is humbling and provides the chance to learn a great deal about certain areas I have potentially overlooked or could optimize.”

Looking forward, Brandon hopes to continue building his own security company with a hardware focus.
12 MONTHS OF AI INNOVATION

We asked hackers these five questions about their generative AI usage and beliefs in early 2023, and we asked them the same questions a year later. Check out how their responses changed in only 12 months!

Hackers who believe AI technologies increase the value of hacking: 21% (2023), 71% (2024). Whoa! In just a year, AI dramatically proved its value to hackers.

Hackers using generative AI for hacking: 64% (2023), 77% (2024). More hackers are adopting generative AI technologies in their security research workflows!

Hackers who believe AI technologies outperform the abilities of hackers: 21% (2023), 22% (2024).

Hackers who believe AI technologies will eventually replicate the human creativity of hackers: 28% (2023), 30% (2024).

Beliefs around AI outperforming or replacing hackers have relatively stayed the same.

Top use case for generative AI in hacking: Automating tasks (2023), Analyzing data (2024). From automation to report writing to improved accuracy of hacking tools to analyzing data, hackers are finding new ways to leverage AI.
The Three T’s of AI Hacking

A lot happened in AI last year. The release of GPT-4, Claude 3, and numerous open-source models, as well as the introduction of vision and voice models, have electrified, and concerned, the security industry. Some hackers are wondering, “How can I use AI to become a better hacker?” while others are concerned AI might fully replace them. Meanwhile, everyone agrees that companies using AI have a new class of vulnerabilities to worry about now. At Bugcrowd, we frame this as the three Ts of AI: AI as a tool, a target, and a threat.

We wrote an eBook on the top Generative AI vulnerabilities earlier this year. Check it out here to read up on the vulnerabilities, the systems most at risk, and ways to mitigate the damage.

AI as a tool

Both sides of the cybersecurity game will use AI to increase the scale and sophistication of their tactics. For example, threat actors can create convincing spear phishing attacks at scale and defenders can use AI models to detect intrusions within milliseconds.

86% of hackers say AI has fundamentally changed their approach to hacking, for better or worse.

Top five ways AI technologies make hacking more fun, profitable, or interesting (according to hackers)

Automating repetitive tasks to free up time for more complex ones.
Enhancing data analysis, allowing for deeper insights.
Simulating reconnaissance and attacks to predict weaknesses.
Developing and training AI copilots to support workflows.
Uncovering new patterns and trends in data.

Has AI fundamentally changed your approach to hacking?

Yes, positively: 51%
Yes, both positively and negatively: 32%
No: 13%
Yes, negatively: 3%
Top 3 Ways Hackers Use AI

I, Robot is not quite here yet. AI is not, by itself, automatically detecting vulnerabilities.

Despite how advanced AI seems, most hackers are using it for basic tasks like running queries on data and creating reports.

In most cases, AI takes away the tedious hacking tasks so hackers can reserve their brainpower for the hardest parts: identifying and exploiting vulnerabilities.

Analyzing data: 62%
Automating tasks: 61%
Identifying vulnerabilities: 38%

Ask a Hacker: That’s not to say that AI can’t offer valuable help.

Anonymous: “AI is great for helping to understand error conditions in binary protocols that I'm not as familiar with.”

A task that could have taken hours to digest could take just a few minutes.

Top three ways hackers believe they provide more value than AI in cybersecurity

The reasons revolve around creativity and adaptability. Most hackers believe that AI cannot match human creativity, such as the ability to try out crazy-sounding attack vectors and find they actually work.

AI reasons based only on past knowledge while hackers can venture outside the box to find exploits. Additionally, hackers can easily uplevel themselves while finetuning a model takes quite a bit of effort and data.

Almost half of the hackers believe that AI will never beat them in value or effectiveness.

They bring a level of creativity that AI lacks.
They can think of new attacks that AI can’t predict because AI relies on known information.
They think outside of the box, which gives them an advantage over ML models and predictive AI.
Has AI made hacking more accessible?

AI makes learning a lot more digestible. ChatGPT and Claude have helped new hackers advance their understanding of hacking methods.

Hackers can also use these tools to explain tricky code or why certain exploits work and others don’t. (That is, of course, if hackers can detect and ignore the hallucinations.)

Yes: 74%
No: 24%

Ask a Hacker: How AI has impacted the accuracy and reliability of their hacking tools, such as scanners and scripts

Anonymous: “AI has significantly improved the accuracy and reliability of hacking tools by enhancing detection capabilities, automating large-scale data analysis, and continuously adapting to new threats. It excels at recognizing patterns and anomalies, enabling quicker and more precise identification of vulnerabilities. Additionally, AI's predictive capabilities and customization options make these tools more effective at handling complex cybersecurity challenges.”

AI as a target

AI systems will be a new attack vector. Many new AI systems have access to company data and resources, and unmitigated vulnerabilities (such as prompt injection) will give threat actors a new way into these resources.

Ask a Hacker: Here is one hacker’s example of discovering a new vector:

Anonymous: “I achieved a remote code execution (RCE) accidentally while chatting with an AI bot that was misconfigured and had the ability to execute OS commands on the system where it was hosted. It provided me with the command output.”

Have companies using AI tools introduced a new attack vector for threat actors to exploit?

Yes: 93%
No: 7%

Hackers overwhelmingly believe AI is ripe for exploitation. Even using AI on the backend creates new flaws in the attack surface of the product.
Do existing security solutions meet the needs and risks of AI?

Yes: 53%
No: 47%

Vendors are racing to provide security solutions that actually secure the AI attack surface. Hackers are split down the middle as to whether these solutions are actually effective.

Luckily, the crowdsourcing model of security testing will always stay on top of emerging threats. Human ingenuity wins again!

As expected, hackers don’t have much confidence in companies securing their AI systems. It’s also not surprising to see that CISOs are more confident in their security abilities. What is surprising, though, is the sheer difference in confidence levels. More than two times as many hackers think that the vast majority of companies will be blindsided by AI security issues.

The devil is in the details, and hackers see AI exploits every day, which explains this discrepancy.

Hackers and CISOs both agree that most companies are not prepared for AI, period.

How many organizations are adequately prepared to tackle AI security?

Less than 10%: Hackers 41%, CISOs 17%
10–25%: Hackers 33%, CISOs 31%
26–50%: Hackers 20%, CISOs 34%
51–75%: Hackers 5%, CISOs 15%
76–100%: Hackers 1%, CISOs 3%

Are you confident in your abilities as a hacker to uncover vulnerabilities in AI-powered apps?

Even though AI-powered apps are relatively new, three-quarters of hackers already feel confident in their abilities to bug hunt on this new attack surface.

Yes: 73%
No: 27%

Is the AI threat landscape evolving too rapidly to adequately secure?

Security can often be collateral damage in the race for innovation.

Yes: 82%
No: 18%
AI as a Threat

AI systems can cause harm to users. This harm could range from realistic (saying biased things) to speculative (future models could be used to create weapons).

Do the risks associated with AI outweigh its potential?

Yes: 72%
No: 28%

Can organizations broadly trust AI-informed decisions and workflows?

To a point, but organizations must balance AI’s power with human creativity to reduce risks: 37%
AI is fine for low-stakes tasks, but we should tread carefully in critical applications: 45%
Yes, but only with the safety net of human oversight to ensure accountability: 7%
Yes, as long as AI models are transparent and regularly audited: 6%
No, there’s still too much uncertainty and potential bias in AI systems: 2%

As you can see, AI offers many benefits when hackers use it as a tool. However, hackers overwhelmingly believe that the risks associated with AI outweigh the benefits.

Top five ways AI technologies can be misused to weaken an organization’s cybersecurity or GRC measures (according to hackers)

Poisoning data inputs to influence predictive models
Creating fake data and identities that are hard to detect
Manipulating systems to carry out nefarious tasks
Developing tools and methods for large-scale attacks
Exploiting errors and biases that affect risk decisions
Conclusion

That’s a wrap on this year’s edition of Inside the Mind of a Hacker! This year, we explored how quickly hacker attitudes regarding AI (as a tool, a target, and a threat) are changing. We also explored the unexpected path into the world of hardware hacking. Here are three major takeaways from the research:

Hacking is a viable income source.

The majority (90%) of hackers are Gen-Z or millennials. Younger generations are flocking to hacking and reaping the benefits. 61% cited that hacking helped them find a job. 59% are hacking fewer than 14 hours per week, making hacking the flexible income source that is so desirable right now, especially considering it can be done at home (or anywhere else in the world, for that matter).

Hardware hacking is on the rise.

Hardware is everywhere, and even more is being created to support the infrastructure needs of AI. Hardware vulnerabilities are on the rise, and they have major implications. 81% of hardware hackers encountered a vulnerability type they had never seen before in the past 12 months. Hackers are up for the challenge, partially due to the increased accessibility of hardware hacking tools and educational materials.

AI is the new normal.

AI is making hackers faster and more accurate and is overall making hacking more fun. It’s also making hacking more accessible. 77% of hackers use AI to hack and 86% say it has fundamentally changed their approach to hacking. But AI isn’t just a tool—it’s a target. AI is a new attack vector that 82% of hackers believe is evolving too rapidly to adequately secure.

The hackers surveyed and spotlighted in this report are security experts on the cutting edge of an ever-evolving threat landscape. They aren’t just breaking our applications, network infrastructure, and hardware, they’re building it back up too. With each flaw that is exposed, security teams’ defenses strengthen. For as long as humans write code and deploy the systems that power the internet—and for as long as humans have reason to maliciously attack these systems—crowdsourced security will play a fundamental role in helping organizations tap into the creativity, technical expertise, and ingenuity of hackers.

Pair this badass hacker community with an AI-powered platform, skill-matching technologies, and a fast-moving triage team? Your security team will be unstoppable. But you know who won’t be unstoppable? The threat actors waiting at your perimeters. Let’s keep them out, shall we?
Content Gallery

Chow down on more hearty stories from Bugcrowd below

REPORT: Inside The Mind Of A CISO. Gain a Better Understanding of the Evolving, Nuanced Role of the CISO
GUIDE: The Ultimate Guide To AI Security. The Basics of AI Security + Ways to Prevent Attacks Against AI Systems
DATA SHEET: Engineered Hacker Trust. How We Build the Right Team of Trusted Hackers for your Program
DATA SHEET: Discover CrowdMatch. The Technology that Brings You the Right Crowd at the Right Time
Glossary

This year’s edition of Inside the Mind of a Hacker has 9,594 words! That’s a lot of foundational security terms, emerging AI lingo, hidden pop culture references so our Gen-Z social media manager thinks we’re still relevant, and even the occasional buzzword (we’re only human).

We’ve defined a few here, but check out the Bugcrowd Glossary for an extensive list of definitions and additional resources.

AI Bias: Systematic errors in the output of an AI system resulting from underlying biases in the training data or algorithm design.

AI Red Teaming: A technique used to test the security of machine learning models. It involves simulating attacks on the model to identify vulnerabilities and weaknesses.

Autonomous Vehicles: A vehicle capable of sensing its environment and operating without human involvement.

Brat Summer: A social media trend during the summer of 2024, originated from the themes of Charli XCX's album, Brat.

Bug Bash: In-person, 1-2 day events that bring hackers and customers together in a high-intensity, highly collaborative, bug bounty-style program managed by Bugcrowd.

CTF Events: A Bugcrowd Capture the Flag (CTF) event is a collaborative hacking challenge where hackers can win swag bundles, earn private invites, and network with other hackers.

Data Poisoning: A form of adversarial attack involving the intentional manipulation of training data in machine learning systems to produce incorrect or biased outcomes.

Disclosure: The practice of reporting security flaws in computer software or hardware.

Fault Injection: A technique used to evaluate a system's dependability by intentionally introducing faults to observe how it reacts.

Firmware: A form of microcode or program embedded into hardware devices to help them operate effectively.

Generative AI: Generative AI is a type of artificial intelligence technology that can produce various types of content, including text, imagery, audio and synthetic data in response to prompts. Generative AI models learn the patterns and structures of their input training data, and then generate new data that have similar characteristics.

Hardware Hacking: The process of manipulating or modifying physical devices in order to gain access to their functions or data.

I, Robot: A 2004 science fiction action movie where highly intelligent robots fill public service positions throughout the world.

Internet of Things (IoT): Any device (often called a smart or connected device) that connects to and exchanges information over the internet.

Large Language Model (LLM): An AI algorithm that uses deep learning to understand language from vast datasets. LLMs can summarize, translate, predict, and generate human-like text, making them powerful tools for natural language processing tasks, such as machine translation, question answering, and creating contextually relevant content.

OWASP: The Open Web Application Security Project (OWASP) is a non-profit organization that works to improve the security of web applications.

Phreak: A subculture of hacking that started in the 1970s. These hackers focused on manipulating and exploiting telephone networks.

Prompt Injection: The malicious act of inserting unauthorized commands or data into a user's interactions with a system, often to gain unauthorized access or control.

Safe Harbor: A provision from an organization that hackers engaged in good faith security research and ethical disclosure are authorized to conduct such activity and will not be subject to legal action from that organization.

Scope: Outlines the rules of engagement for a bounty program. This includes a clearly defined testing parameter to inform researchers what they can and cannot test, as well as the payout range for accepted vulnerabilities.

Side Hustle: A secondary job or project pursued outside of one's primary employment, often for additional income or personal fulfillment.

The Crowd: The global community of white hat hackers on the Bugcrowd platform who compete to find vulnerabilities in bug bounty programs.

Vulnerability Rating Taxonomy (VRT): The official standard used by Bugcrowd for assessing, prioritizing, and benchmarking the severity of security vulnerabilities.
