APAC Media & CISO Cybersecurity Roundtable: David Gerry, CEO of Bugcrowd, Discusses AI and Hacker Insights
At the APAC Media & CISO Cybersecurity Roundtable, Bugcrowd, an emerging crowd-sourced cybersecurity platform, took centre stage. Bugcrowd’s CEO, David Gerry, made an appearance and shed light on the influence of AI, policymakers and ethical hackers on the future trajectory of the cybersecurity landscape.
David began by recounting his journey from being Bugcrowd’s first million-dollar customer to its CEO. He further added that Bugcrowd has seen tremendous growth over the last 12 months, stating, “We’ve added over 220 new customers to the platform, and over 50,000 hackers to the platform. And we’ve grown the Bugcrowd team by about 130 full-time employees, including folks here in Singapore as well.”
Bugcrowd’s remarkable growth has enabled the platform to diversify its customer portfolio across preeminent global technology brands and industries. It has also facilitated the platform’s expansion into the Asia-Pacific market, branching out beyond Australia and the USA and broadening its service availability and reach. Recognising the momentum it has built up, Bugcrowd is now actively working to expand its technology portfolio further and explore new markets.
To that end, Bugcrowd secured USD $102 million in strategic funding in a fundraising round led by General Catalyst. The funds will be invested in research and development, enabling Bugcrowd to continue building and adding innovations to its crowdsourced security platform.
Expanding on the subject of innovations, David briefly talked about updates to the Bugcrowd Vulnerability Rating Taxonomy (VRT) that add AI security, prioritising vulnerabilities in Large Language Models (LLMs). According to him, this update shows Bugcrowd’s commitment to helping not only itself but everyone stay ahead of the evolving threat landscape.
Following the updates, David presented the “Inside the Mind of the Hacker” report, which explores how hackers think and their points of view. In summary, the report analysed 1000 survey responses from hackers on Bugcrowd’s platform, of whom 84% believe companies underestimate the dangers and risks hackers pose, especially now that the world is entering an AI-driven era. And 91% of the hackers on Bugcrowd’s platform believe that an AI-driven world would amplify their ability and the value of their work. The same also applies to the opposing side, so it would be imprudent for companies to make light of the threat hackers pose, particularly as the world grows reliant on AI technology, a technology that is as complicated and full of variables as it is impressive.
These findings prompted Bugcrowd to integrate AI security that prioritises vulnerabilities in LLMs into its VRT. AI will have an even more profound influence on the threat landscape, as it will also change the way hackers target and execute their attacks. However, this also affects how Bugcrowd and its customers view certain vulnerability classes and how those classes would affect them.
According to David, from the inception of Bugcrowd until today, the web has been and continues to be the biggest vector of attacks. Their Vulnerability Trends result shows a 30% increase in web vulnerability submissions. This result aligns with one of the survey results from the “Inside the Mind of the Hacker” report: that companies are underestimating the risks and dangers posed by hackers, especially in this AI-driven era. That leads them to keep using outdated code, server configurations, databases, and third-party plugins or extensions, all of which can become vulnerable points for hackers to exploit.
This issue becomes more pressing as the talent gap within cybersecurity keeps growing. However, David believes that, to solve the current talent gap, cybersecurity companies should start diversifying their talent pool and go beyond what’s on paper and official qualifications. It is time to consider other factors when recruiting cybersecurity talent, such as whether potential recruits are motivated or curious enough to be taught and moulded into excellent cybersecurity talent. Bugcrowd managed to identify this trend, said David, which is why it leverages the hacker community, or “crowdsource”: the talent pool is well diversified, enabling it to look beyond textbook issues and solutions and thus provide quick and efficient solutions to threats.
Concluding his session, David reminded the world that there will be no end to cybercrime. It will continue to grow in frequency and number; it will always be there. It is an eternal game of cat and mouse, so it is up to the white hats, or defenders, to safeguard the digital realm from threats. But the effort to combat threats doesn’t fall on the shoulders of cybersecurity professionals alone. Other responsible parties, particularly board members of organisations, must start acknowledging the severity of cyber threats and the value of properly investing in cybersecurity.