HackerOne

HackerOne Reveals Organizations Feel Confident Fighting AI Threats Despite Incidents

SAN FRANCISCO, April 25, 2024: HackerOne, the leader in human-powered security, today revealed that although 95% of IT and security professionals say they are confident they can defend against AI-driven threats, one third admitted their organization experienced an AI-related security incident in the last year. These findings are the results of a research survey that shows a gap between organizational confidence and the reality of growing risks posed by an evolving AI threat landscape. 

The research also provided a snapshot of how security teams are prioritizing security investment and solutions to combat AI risk:

  • Organizations are making significant allocations for AI security in budgets this year. Nearly three-quarters of respondents have reserved 20% or more security budget to address AI security risks.
  • Regulatory momentum and GenAI tool adoption are fueling AI security investment. Respondents cited AI-focused regulation (65%), the internal adoption of GenAI tools by employees (63%), and security incidents caused by AI (33%) as core drivers for growing AI security investment.
  • Security teams are using AI red teaming, or adversarial testing of AI systems, as a way to reduce AI risk. 37% of respondents say their organization has implemented AI red teaming initiatives to fortify AI systems against malicious attacks. 

“We must all take GenAI threats seriously, but confidence should come with understanding, and none of us fully comprehend what the biggest GenAI security and safety threats are for most organizations quite yet," said Michiel Prins, co-founder of HackerOne. "It’s clear some have recognized that the fastest way to understand the unique and novel risk to their organizations is through AI red teaming, which means they outrun cybercriminals as the first to identify and define the latest security and safety risks.”

HackerOne works with organizations, including Zoom, Snap, and PayPal, on AI red teaming engagements to improve the security and safety of AI tool and feature deployments. HackerOne offers both AI safety and AI security red teaming, in the form of pentest engagements, security assessments, and bug bounty programs. In February, HackerOne also announced its AI copilot Hai, which uses GenAI to enhance program insights for customers and hackers; Hai is now available to all HackerOne customers through the HackerOne platform.

To learn more about the survey findings, HackerOne, and HackerOne’s GenAI co-pilot Hai visit Booth #5685 during RSA Conference at the North Expo Hall, May 4-9.

Methodology

The CensusWide Survey was conducted between April 18-22, 2024. The nationwide online survey gathered insights from 300 U.S. IT and security professionals aged 18 and up at companies with 10 or more employees.

About HackerOne

HackerOne is the global leader in human-powered security. We leverage human ingenuity to pinpoint the most critical security flaws across your attack surface to outmatch cybercriminals. HackerOne’s Platform combines the most creative human intelligence with the latest artificial intelligence to reduce threat exposure at all stages of the software development life cycle. From meeting compliance requirements with pentesting to finding novel and elusive vulnerabilities through bug bounty, HackerOne’s elite community of ethical hackers helps organizations transform their businesses with confidence. HackerOne has helped find and fix more vulnerabilities than any other vendor, for brands including Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S Department of Defense. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.