Abstract
This paper explores the potential use of generative Artificial Intelligence (GenAI) to enhance the effectiveness and efficiency of ethical hacking, and outlines a proof-of-concept implementation. It briefly reviews the fundamentals of GenAI with a focus on ChatGPT, and then summarises the concept and phases of ethical hacking. The paper also critically assesses risks such as misuse of AI, data biases, and the danger of over-dependence on technology, emphasising the importance of a collaborative human-AI partnership. The paper concludes with a discussion of possible future directions, including use of AI in strengthening cyber defences. This research contributes to the ongoing dialogue around the ethical and innovative application of AI to bolster security.
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Al-Sinani, H.S., Mitchell, C.J., Sahli, N., Al-Siyabi, M. (2025). Unleashing AI in Ethical Hacking. In: Martinelli, F., Rios, R. (eds) Security and Trust Management. STM 2024. Lecture Notes in Computer Science, vol 15235. Springer, Cham. https://doi.org/10.1007/978-3-031-76371-7_10
DOI: https://doi.org/10.1007/978-3-031-76371-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-76370-0
Online ISBN: 978-3-031-76371-7
eBook Packages: Computer Science, Computer Science (R0)