In today’s constantly evolving cybersecurity landscape, ethical hacking is now vital for protecting businesses from growing threats. White hat hackers, who specialize in detecting and resolving vulnerabilities, are essential to these security efforts. The rise of artificial intelligence (AI) and its increasing application in attacking and defending systems is altering the landscape of ethical hacking, posing new difficulties and opportunities.
In an email interview, David Rajoo, senior systems engineering specialist at Japac Cortex, shared insights into ethical hackers’ obligations, the expanding role of AI, and the significance of fostering trust between hackers and enterprises.
Collaborative strategies
Organizations should establish a clear framework that defines the scope of testing and outlines legal guidelines covering authorization, data privacy and protection, liability, and confidentiality.
Rajoo emphasized the need to “establish clear parameters for collaboration and stressed the importance of responsible disclosure.” When ethical hackers identify vulnerabilities within a system, they should communicate this information directly to the organization rather than sharing it on external platforms, such as dark web forums.
Rajoo also noted the challenges gray hat hackers pose — individuals who might identify vulnerabilities without explicit permission and disclose them publicly. He stressed that “it is important to address these scenarios and manage the risks associated with such disclosures.”
Legal and ethical boundaries
Rajoo highlighted the importance of securing “explicit permission from organizations before conducting any hacking activities.” This step ensures hackers operate within clearly defined scopes, methods and timelines.
White hat hackers should avoid causing any damage or stealing sensitive data, focusing instead on demonstrating potential risks to improve security. Rajoo stressed the importance of confidentiality, stating, “They must keep their findings confidential, sharing information only with the organization.” Ethical hackers must use only legal assessment methods and refrain from malicious hacking or associating with black hats.
Role of AI in ethical hacking
As AI-driven attacks become more common, white hat hackers can use AI to strengthen their ability to identify and address vulnerabilities. Rajoo referenced the 2024 Unit 42 Incident Response Report, stating that threat actors use AI to bypass identity verification, create fake media that mimics real individuals, maliciously use large language models (LLMs), and enhance phishing attacks. Unit 42 also predicts that “in the future, threat actors may use AI to continuously monitor vulnerabilities in organizations, which humans would not be able to keep up with.”
To counter these evolving threats, white hat hackers can utilize the same AI technologies that attackers use. Rajoo pointed out that “Palo Alto Networks’ Unit 42 designs tabletop exercises with customized scenarios reflecting current attacks, including AI-powered threats,” which helps organizations assess their incident response strengths and identify areas for improvement.
He also underscored the importance of a zero-trust mindset, emphasizing that organizations must “continuously verify all users and devices to minimize the risk of unauthorized data access.”
Building trust with organizations
Building trust with businesses and government agencies requires white hat hackers to secure permission and maintain confidentiality. Rajoo asserted that “ensuring data security and compliance is crucial for both governments and businesses.” Hackers must uphold transparency by obtaining consent, safeguarding data privacy and avoiding service disruptions.
Rajoo also highlighted the importance of collaboration with local law enforcement and sharing information to foster proactive cybersecurity. He mentioned how, in the Philippines, the National Privacy Commission (NPC) worked with local patriotic hackers to strengthen the Philippine Identification System (PhilSys).
He also cited the example of Ethical Hackers Indonesia, a hacker community group that supported local law enforcement in fostering a generation of cybersecurity defenders.
To further build positive relationships, organizations can implement bug bounty programs that provide incentives for ethical hackers to identify and report vulnerabilities.
Rajoo noted, “Organizations can build positive relationships by establishing clear frameworks and parameters that define the scope and requirements of their work.”
Future of ethical hacking
Ethical hackers will continue to be an essential part of cybersecurity, enabling organizations to proactively detect and respond to vulnerabilities before actual attackers exploit them.
Palo Alto Networks supports public and private sectors with proactive assessment services through its Unit 42 team and offers integrated AI-powered security through its Precision AI tools.
Rajoo explained, “Precision AI incorporates machine learning, deep learning, and generative AI tools and is integrated across Palo Alto Networks’ platforms — Strata, Prisma and Cortex. These offerings help organizations detect, respond to, and prevent AI-driven attacks and other emerging threats, allowing them to stay ahead.”
Rajoo advised that curiosity is the most critical skill for ethical hackers to cultivate, emphasizing the importance of staying nimble and keeping up with evolving threats. “Good white hat hackers make sure they spend time looking ahead and considering problems that could be much more advanced than current attacks.”