A new report finds that 72% of hackers believe artificial intelligence (AI) will not replace the creativity of humans in security research and vulnerability management.

The 2023 Inside the Mind of a Hacker report, released by Bugcrowd, delves into a wide range of topics, including the impact of AI on security, a peek at what professional hackers look like and the state of hacking.

The survey included 1,000 respondents from 85 countries, including the United States, Australia, Brazil, Canada, Ethiopia, India, France, Jordan, Singapore and the United Kingdom.

Generative AI was a major theme in the 2023 report, with 55% saying that it can already outperform hackers or will be able to do so within the next five years. However, hackers aren’t worried about being replaced, with 72% saying that generative AI will not be able to replicate the creativity of hackers.

When asked how generative AI is being used, the top functions that hackers mentioned were automating tasks (50%), analyzing data (48%), identifying vulnerabilities (36%), validating findings (35%) and conducting reconnaissance (33%). Nearly two out of three respondents (64%) believed that generative AI technologies have increased the value of ethical hacking and security research.

Challenging and confirming hacker stereotypes

Most hackers were Gen Z aged 18–24 (57%) or Millennials 25–34 (28%). Nevertheless, the stereotype of the teenage hacker proved to be more accurate than its counterpoint in Gen X phreakers, with 5% being under 18 and only 2% being over 45. Additionally, the trope of hackers being disproportionately male proved true, based on this research, with 96% of respondents identifying as male and just 4% as female, with another 0.2% identifying as non-binary or genderqueer.

Most hackers (82%) do not hack full time, treating it either as a part-time job, side hustle or something they are in the process of making a full-time occupation. Only 29% described hacking as their full-time profession. The motivations for ethical hacking were varied, but the top incentives included personal development (28%), financial gain (24%), excitement (14%) and the challenge (12%). Another 6% of respondents said they hack for the greater good, and 87% said that reporting a vulnerability is more important than making money from it.

While 54% of the respondents have graduated from college and 14% completed grad school, only 24% learned to hack through academic or professional coursework. The majority of hackers (71%) were self-taught, with most learning to hack through online resources (84%), while others learned through trial-and-error (40%) or friends and mentors (34%).