COMMENTARY

Hacking is innovation in its purest form. Like any other innovation, a successful hack requires developing a creative solution to the scenario at hand and then effectively implementing that solution. As technologies facilitate implementation, successfully preventing a hack (that is, blue teaming) or simulating an attack to test defenses (red teaming) will require a better understanding of how adversaries generate creative ideas.

The Evolution of Hacking

In the 1990s, many organizations and vendors did not sufficiently prioritize security when designing systems. As a result, finding solutions to bypass their security measures took hackers relatively little time. The problem was that while many hackers could imagine attacks that would bypass these rudimentary security measures, few had the technical skills to implement those attacks. For instance, while hacking enthusiasts theoretically understood how to abuse vulnerabilities in insecure network protocols, most lacked the technical skills necessary to write a raw socket library to do so. The bottleneck was implementation.

Inspiration from Various Sources

People may consider various sources for inspiration, such as research from search engines and social media platforms. These platforms can offer ideas about common combinations of knowledge, which can be valuable for estimating potential analogies that people interested in hacking may be more likely to generate. Additionally, research from market basket analysis, for instance, can provide insights into common combinations of knowledge that people interested in hacking may be more likely to generate. Finally, crowdsourcing-based research, such as hacking challenges, will again be an asset, but the focus will be not only on the attack but also on the prompts used to develop that attack. Prompts that result in novel attacks are likely to be regularly utilized by both blue and red teams, much like Google Dorks are employed today.

The Role of LLMs and Behavioral Sciences

As Large Language Models (LLMs) broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses. Insights from behavioral sciences like marketing will play a key role in achieving this goal.