close
close

Ethical Hacking in the AI-Driven Cybersecurity Landscape

0

In today's ever-evolving cybersecurity landscape, ethical hacking is essential to protecting organizations from growing threats. White hat hackers specialize in identifying and remediating vulnerabilities that are essential to these security efforts. The rise of artificial intelligence (AI) and its increasing application in attacking and defending systems is changing the landscape of ethical hacking, bringing with it new difficulties and opportunities.

In an email interview, David Rajoo, senior systems engineering specialist at Japac Cortex, provided insights into the responsibilities of ethical hackers, the growing role of AI, and the importance of building trust between hackers and companies.

Collaborative strategies

Organizations should create a clear framework that defines the scope of testing and outlines legal policies regarding authorization, data protection and security, liability and confidentiality.

Rajoo stressed the need to “establish clear parameters for collaboration and emphasized the importance of responsible disclosure.” When ethical hackers discover vulnerabilities in a system, they should share that information directly with the organization rather than sharing it on external platforms such as darknet forums.

Latest news


delivered to your inbox

Sign up for the Manila Times newsletter

By signing up with an email address, I acknowledge that I have read and agree to the Terms of Service and Privacy Policy.

Rajoo also pointed to the challenges posed by gray hat hackers – individuals who could identify and publicly disclose vulnerabilities without explicit permission. He stressed that “it is important to address these scenarios and manage the risks associated with such disclosures.”

Legal and ethical limits

Rajoo stressed the importance of “obtaining explicit permission from organizations before conducting hacking activities.” This step ensures that hackers operate within clearly defined scopes, methods and timelines.

White hat hackers should avoid causing harm or stealing confidential data. Instead, they should focus on highlighting potential risks to improve security. Stressing the importance of confidentiality, Rajoo stated, “They must keep their findings confidential and share information only with the organization.” Ethical hackers must only use legal assessment methods and must not conduct malicious hacking or collaborate with black hats.

The role of AI in ethical hacking

As AI-driven attacks become more common, white hat hackers can leverage AI to strengthen their ability to identify and remediate vulnerabilities. Rajoo pointed to Unit 42's 2024 Incident Response Report, which states that threat actors are using AI to bypass identity verification, create fake media that mimics real people, and maliciously use large language models (LLMs) and enhanced phishing attacks. Unit 42 also predicts that “in the future, threat actors could leverage AI to continuously monitor vulnerabilities in organizations that humans could not keep up with.”

To counter these evolving threats, white hat hackers can leverage the same AI technologies as attackers. Rajoo noted that “Palo Alto Networks' Unit 42 designs simulations with customized scenarios that reflect current attacks, including AI-powered threats,” which helps organizations assess their incident response strengths and identify areas for improvement.

He also emphasized the importance of a zero-trust mentality, stressing that companies must “continuously verify all users and devices to minimize the risk of unauthorized data access.”

Building trust with organizations

To build trust with businesses and government agencies, white hat hackers must obtain permissions and maintain confidentiality. Rajoo stressed that “ensuring data security and compliance is critical for both governments and businesses.” Hackers must maintain transparency by obtaining consent, maintaining data privacy, and avoiding service disruptions.

Rajoo also stressed the importance of collaborating with local law enforcement and sharing information to promote proactive cybersecurity. He mentioned how in the Philippines, the National Privacy Commission (NPC) worked with local patriot hackers to strengthen the Philippine Identification System (PhilSys).

He also cited the example of Ethical Hackers Indonesia, a hacker community group that helped local law enforcement agencies raise a generation of cybersecurity defenders.

To further build positive relationships, organizations can implement bug bounty programs that incentivize ethical hackers to identify and report vulnerabilities.

Rajoo noted, “Organizations can build positive relationships by establishing clear frameworks and parameters that define the scope and requirements of their work.”

The future of ethical hacking

Ethical hackers will continue to play an essential role in cybersecurity, enabling organizations to proactively identify and respond to vulnerabilities before actual attackers exploit them.

Palo Alto Networks supports the public and private sectors with proactive assessment services through its Unit 42 team and provides integrated AI-powered security through its Precision AI tools.

Rajoo explained, “Precision AI includes machine learning, deep learning and generative AI tools and is integrated into Palo Alto Networks' platforms – Strata, Prisma and Cortex. These offerings help organizations detect, respond to and prevent AI-driven attacks and other emerging threats, so they always stay one step ahead.”

Rajoo noted that curiosity is the most important skill ethical hackers should develop, stressing the importance of remaining flexible and keeping up with evolving threats. “Good white hat hackers make sure they take the time to look ahead and consider problems that could be much more complex than current attacks.”