Crowdsourced security gives CISOs edge in AI & data privacy
A new research report from HackerOne reveals how a select group of Chief Information Security Officers (CISOs) are achieving a security advantage by fully leveraging crowdsourced security techniques.
The report, entitled 'The 15% Advantage: How High-Performing CISOs Leverage Crowdsourced Security,' is based on a global survey of 400 CISOs from large organisations across 13 industries. It highlights an emerging trend: while almost all CISOs are aware of crowdsourced security methods, only a minority are applying all major components - bug bounties, vulnerability disclosure programmes (VDPs), and third-party penetration testing - in tandem.
Adoption statistics
According to the research, 94% of CISOs are familiar with crowdsourced security. Despite this widespread awareness, just 15% use all three key components together. The report identifies a noticeable difference in outcomes depending on the breadth of adoption. While 73% of CISOs who employ any form of crowdsourced security rate it as effective in identifying and eliminating vulnerabilities, this figure increases to 89% among those deploying the combination of bug bounties, VDPs, and third-party penetration tests.
Alex Rice, Co-Founder and CISO at HackerOne, commented on the increasing responsibilities faced by CISOs today. "There are many demands on the modern CISO. As the CISO role increases in complexity with the responsibility for AI safety and data privacy, it's critical that CISOs leverage the full spectrum of offensive security tools to keep pace with modern threats," he said.
Changing CISO roles
The findings underscore the expanding remit of CISOs in enterprise environments. The survey indicates that 84% of CISOs are now responsible for AI safety, reflecting a significant shift from traditional cybersecurity priorities. Data privacy is also prominent, with 82% of respondents reporting oversight responsibility in this area.
Kara Sprague, Chief Executive Officer of HackerOne, emphasised the evolving nature of security leadership in an AI-driven climate.
"Crowdsourced security isn't new. But leading with it in the age of AI is what sets today's top CISOs apart. As AI expands the enterprise attack surface and raises the stakes for rapid response, human ingenuity and outside perspective are more essential than ever. Organisations seeing the most value engage the global community of independent security researchers for responsible vulnerability disclosure, bug bounty, and pentesting across their digital assets and AI systems. This is about moving beyond experimentation and point solutions - toward a proactive, integrated approach."
Effectiveness and future plans
The report outlines clear effectiveness in using crowdsourced security for critical new risks, including AI vulnerabilities. Of the CISOs currently deploying crowdsourced methods, 81% find them effective for discovering and eliminating threats within AI systems. Additionally, 88% cite positive outcomes from crowdsourced approaches in general.
For those not yet utilising crowdsourced security, interest is high. 86% of CISOs in this group intend to adopt such measures within the next year, with more than half specifically planning to address AI-related security risks.
Organisational motivation
The report notes that offensive security is increasingly a board-level concern, driving demand for external perspectives and tests that can surface issues missed by in-house teams. High-performing CISOs adopting all three key elements of crowdsourced security appear to realise stronger protection, supporting a trend towards more proactive and comprehensive security measures in large organisations.
The survey data and accompanying analysis in 'The 15% Advantage' highlight how the adoption of a full range of crowdsourced security practices is emerging as a strategic approach among a leading subset of CISOs to address contemporary threats, particularly related to AI and data privacy.