MSSP, MSP, Managed Security Services, Generative AI, Application security, Automated penetration testing, Breach and attack simulation, Threat Hunting, Bug Bounties, Penetration Testing

Ethical Hackers are Ramping Up AI Adoption, Collaboration: Bugcrowd

The internet is replete with daily news stories about threat actors using AI to grow the speed, scale, frequency, and capabilities of their attacks, often outpacing the security capabilities of enterprises.

That said, in the ongoing cybersecurity AI arms race, security teams and MSSPs also are incorporating the technology into their defenses. One group embracing AI are ethical hackers, who are using it to augment the work they do finding vulnerabilities in networks and systems so organizations can fix them.

In a report this week, Bugcrowd said AI adoption among “white hat” hackers – security researchers, penetration testers, and the like – is accelerating, with 82% of the more than 2,000 surveyed saying they used generative AI tools in their workflows in 2025, a significant jump from the 64% who said the same thing in 2023 and 77% a year later.

The reasons they use AI are varied, but tend to veer towards speed and automation, code analysis, and using it as a tech assistant when they run into unfamiliar technology, according to Bugcrowd’s ninth annual Mind of a Hacker survey.

“Hackers use AI to scale their operations, such as generating reconnaissance tools, automating workflows, and creating custom scripts in seconds instead of hours,” the report’s authors wrote. “As one hacker puts it simply, ‘AI automates the boring stuff to save speed and time.’ AI also accelerates learning and problem-solving. Hackers use AI to understand new frameworks, debug errors, generate payloads, and explore different methodologies.”

A Proven Technology for Hackers

According to the survey, 74% of hackers say AI already has proven its value to them, a jump over the 23% that saw value in 2023.

In addition, Bugcrowd executives noted that the expanding use of AI is allowing hackers to automate their searches for what they called “low hanging fruit” security flaws and spending more time on more complex and critical vulnerabilities that pose a greater risk to organizations if uncovered by bad actors.

“In 2026, security teams can no longer rely on humans doing everything by hand,” said Ram Varadarajan, CEO at security firm Acalvio. “The model has to change to allow humans to direct AI-driven workflows, just as hackers do. It's fated to be a bot-on-bot duel forevermore. [Organizations should] assume a machine-speed AI-augmented attacker or autonomous AI attack, and defend with machine-speed AI that leverages the adversarial AI's own vulnerabilities.” 

Bugcrowd CEO Dave Gerry said cybercriminals in all forms are using AI to accelerate the pace and frequency of attacks, and AI is needed to better defend against them.

“Whether through internal security teams or outsourcing part of their security operations to managed services firms, security teams must quickly ramp up their usage of AI in response to the increased threat environment,” Gerry said.

The 'Immense Opportunity' for MSSPs

Likewise, MSSPs and other managed services firms are going to need to do the same. Their roles are changing, due in large part to the rise in AI adoption among bad actors.

“Their value now shifts from basic monitoring to a future of operating and managing AI security agents that can detect and respond in real time: bot-on-bot duels at scale,” Varadarajan said. “As attackers use AI to uncover industrial-scale numbers of flaws, especially in AI-generated code, providers will become the critical layer helping customers manage the much larger, faster-moving, and more dangerous attack surface.”

At the same time, AI provides an “immense opportunity” for MSSPs that want to differentiate from their competitors, Gerry said. They can use AI “not just for internal productivity and efficiency gains, but more importantly. for providing improved defense for their clients. Their ability to keep pace with attackers will dictate their ability to continue to win in this AI-first attack landscape.”

The Value of Collaboration

As the same time that ethical hackers are ramping up their use of AI, they’re also adopting a collaborative approach that threat groups – particularly ransomware gangs and those linked to adversarial foreign governments like China and Russia – use in their nefarious operations.

“State-sponsored attackers organize into specialized units with distinct expertise, and ransomware operations involve multiple groups working together,” the report’s authors wrote. “Initial access brokers find entry points, ransomware-as-a-service operators develop the tools, and execution teams deploy the final payload. Different people handle different aspects of the attack chain, each bringing their specific skills to the overall operation.”

About 40% of hacker surveyed said they work as part of a team while another 44% said they want to but have yet to find the right partners. In addition, 44% said they earn more money through collaboration.

It Takes a Team

“No single person can constantly relearn entire skill sets that quickly,” the authors wrote. “The technology stack has become so abstracted and layered that mastery across all areas is pretty much impossible. Even the best hackers have blind spots, and these are not due to a lack of skill or dedication. Together, teams stay ahead of the curve and provide coverage that a single individual cannot.”

The numbers reflect that, with 72% of hackers saying they get better results from teams, 80% said teams get faster results, and 60% said teams find more critical vulnerabilities.

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds