“White-hat hackers” are individuals who legally and ethically discover and resolve vulnerabilities in computer systems and networks. Their work is critical for security researchers, who strengthen cybersecurity by proactively finding vulnerabilities and reporting issues to relevant organizations, helping to fix them before malicious hackers can exploit them. In recent years, AI technology has made significant advances in various fields. Mr. Wu’s expertise and achievements in “WooYun” (literally translated as “black cloud”, which refers to the security risks faced by online communities) mentioned in the article have played an important role in maintaining global Internet security. He played a leadership role in transforming WooYun from a niche security community with less than 2,000 members to the largest white hat platform with over 20,000 registered members. What’s more, through this platform, some important security incidents are discovered and disclosed; therefore, businesses and individuals can prevent further damage. From your perspective, what are the current major limitations of AI technology in the field of cybersecurity? Looking ahead, how do you envision the Huoxian security platform utilizing AI technology to propel the progress of the entire cybersecurity industry?
Huoxian CEO Wu Di
Q: What are the current limitations of AI technology in the field of cybersecurity, and how does Huoxian Security plan to leverage AI for progress?
Wu Di: The limitation of AI in the field of cybersecurity is that, as of now, AI technology mainly learns from existing data generated by humans, while cybersecurity needs to deal with the “unknown” challenges. From this perspective, I have doubts about whether AI’s creativity can surpass top hackers, just like AI has not yet become the greatest inventor, writer, or musician in the world. If AI cannot fully transcend the capabilities of top hackers, it implies that we still face the risk of hacker intrusions.
However, on the other hand, it’s evident that AI can enhance the capabilities of the security industry. For instance, AI can learn from a vast amount of attack data and thereby summarize and even predict possible attack behaviors, which is entirely feasible. Furthermore, agent technology in AI can invoke and coordinate different tools, which will help enhance the efficiency of cybersecurity experts and products. These are the directions the Huoxian security platform is researching.
Moreover, the development of AI technology itself requires the participation of more security personnel. For instance, Open AI has already initiated rewards targeting global security personnel, encouraging the community to identify existing security vulnerabilities. Google is also actively developing its “AI Red Team” and has introduced frameworks like SAIF (Secure AI Framework). All these efforts signify that AI technology providers are actively focusing on the security of AI. Additionally, the safety of AI is not limited to “Security” but also encompasses a broader sense of “Safety,” to which professionals in the security industry can also contribute signific.
Q: In the current market environment, we can see that achieving a win-win situation for all parties is an important goal. Could you share how the Huoxian security platform plans to more closely connect the parties involved, the white-hat hackers, and the platform, thereby advancing the entire cybersecurity industry forward?
Wu Di: The core value of Huoxian Security is “equality” and “empowerment”. The reason we emphasize equality is that white-hat hackers, being the “attackers” from the perspective of enterprises rather than traditional customers, sometimes encounter unequal treatment. Although there has been significant improvement in recent years, we believe there is still a lot of room for growth. Only when white-hat hackers are valued will black-hat hackers do not have an opportunity. Our platform not only facilitates equal communication between white-hat hackers and enterprises but also offers equivalent financial rewards to white-hat hackers, which we consider to be within the realm of equality.
As for empowerment, it is our responsibility as a platform to innovate in various ways to enable white-hat hackers to better serve enterprises. We approach this innovation mainly from two aspects. The first is to allow white-hat hackers to acquire more knowledge and techniques concerning security, thereby enhancing the capabilities of the entire industry. If the skills of white-hat hackers are improved, the capabilities of the enterprises they serve will naturally increase as well. On the other hand, we aim to develop tools for white-hat hackers, aiding them in enhancing their efficiency during operations, enabling them to serve more enterprises, and allowing them to unleash their potential and identify more unknown risks during this process.