2022 has come to a close. This past year, researchers hunting bugs on the Bugcrowd Platform helped us tackle the widely impactful Log4j vulnerability, secure multiple data breaches, and create some pretty cool moments at our in-person Las Vegas Bug Bash, too.

After one of our busiest years yet, we can’t help but wonder what’s in store for the hacker community come 2023. To get your new year started right, we asked the top hackers in the industry (plus some Bugcrowd staff) to weigh in on what they expect, what they’re excited about, and even what they’re nervous about.

    Thomas (Hacker and Trust and SE at Bugcrowd)

“I think there could be some changes in the crime ecosystem next year. I could see fewer companies paying ransoms, which might lead to more dumps of company data or ransomware groups changing tactics to keep revenue coming in. In terms of bounty idk, I could see more companies interested in unique / unconventional vulnerabilities and running high paying programs focused on uncovering those findings.” 

    Erik de Jong (Hacker)

“There are certainly some more of those nasty supply chain issues like Log4j to be expected. I’ve seen some cool AI stuff popping up lately, but I think we’re not quite at the maturity level required to make this a mainstream thing. And lastly, I expect 2023 will be the year for MFA and/or passwordless logins to become the norm. That’s all from my crystal ball for now.” 

    tess (Hacker)

“Based on current trends and developments in the field of cybersecurity, it is likely that we will see a number of significant advancements in the coming years. One potential development that we may see in 2023 is an increased focus on AI and machine learning in cybersecurity. These technologies have the potential to greatly enhance our ability to detect and prevent cyber threats, and they may become increasingly integrated into cybersecurity systems and processes.”

    Alx (Hacker)

“There will be an increase in sophisticated attacks. We can expect a lot of high-profile breaches for 2023. Threat actors will step up their game yet again. We are living in rough times, and the amount of security incidents will definitely reflect that. We will also see increasing efforts to standardize security testing in the industry. The market will have an increasing demand for quality results with full coverage. Regulatory bodies are finally waking up and putting high demands on the cybersecurity of products worldwide.”

    Katie InsiderPhd (Hacker)

“I don’t think 2023 will be that different than 2022–that is to say, we will see novel attacks against large organizations, known security flaws exploited by attackers that were deemed not important enough to patch, and friendly hackers who will be there to let people know about them. Just make sure your organization is listening!” 

    Vortex (Hacker and Senior Manager of Security Ops at Bugcrowd)

“I predict that bug bounty programs will continue to grow and become more mainstream for larger organizations, given the quantity of data breaches that happened in 2022. These programs will continue to work alongside more traditional pentesting engagements where specific focus is required.” 

    arcwhite (Hacker and Director of Software Engineering at Bugcrowd)

“Defense-in-depth continues to be the only thing close to a security solution that works. Cryptocurrencies continue to not solve a single problem that anyone has. Endless discourse about whether or not you need qualifications to be a security practitioner will rage on.” 

    drunkrhin0 (Hacker and Hacker Success Manager at Bugcrowd)

“The current exponential rise of AI and ML will open more creative avenues for anomaly detection.” 

    prodigysml (Hacker and Director of Cybersecurity at Bugcrowd)

“I believe the crowd will eventually work together, which will result in world domination (jk)! In all honesty, I believe the concept of crowdsourced security will become more known and palatable, providing bounty hunters and pentesters more opportunity to show off their skills, make more money, and impact society!” 

    Bsysop (Hacker)

“New solutions based on AI will be created, but still in an early stage. Automated reconnaissance and scanning will be more common by companies and researchers. Based on the statistics, the number of new CVEs in 2023 will be at least 30% more than in 2022. New critical vulnerabilities that massively break the Internet will be discovered. Crowdsourced pentesting and bug bounty will become more common.”

    Casey Ellis (Hacker and CTO and Founder of Bugcrowd)

“One prediction for a bug bounty trend in 2023 specifically related to machine learning and AI is that these technologies will increasingly be used to automate and augment various aspects of the bug bounty process. This could include the use of machine learning to analyze code and identify potential vulnerabilities, the use of natural language processing to analyze reports and extract relevant information, and the use of AI-powered tools to help prioritize and triage reported vulnerabilities. The use of these technologies could help organizations more efficiently run their bug bounty programs and allow bug hunters to focus on more high-impact tasks.”

(*** This prediction may or may not have been generated by ChatGPT ***)

Best is Yet To Come

We hope 2023 is your best year yet. Here’s to more payouts, more hacker friends, and more AI-generated content to keep us entertained until robots 🤖 take over the planet. Oh, and a safer internet!