The Hacker Blueprint: Crowdsourcing Cybersecurity and the Reality of AI Targets
In this live recording of Security Tech Talk, host Steve Kenny explores the rapidly evolving world of offensive cybersecurity with Kevin Kersley, Regional Director for EMEA at Bugcrowd. Fresh off being featured by the BBC, Kevin shares how Bugcrowd connects global organizations with a massive network of ethical hackers to identify hidden vulnerabilities before malicious actors can exploit them.
Steve and Kevin dive deep into the fundamental shift from traditional penetration testing to continuous crowdsourced security. They unpack the real-world implications of the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act, examine how malicious actors are moving from "AI as a threat" to "AI as a target" via data poisoning, and discuss why leading physical security manufacturers like Axis Communications are championing transparent public and private bug bounty programs.
About Our Guest:
- Kevin Kersley: Regional Director across EMEA for Bugcrowd. Kevin is an expert in crowdsourced threat intelligence, helping enterprises navigate compliance, manage vulnerability disclosure programs (VDPs), and harness the ingenuity of the global ethical hacking community to secure both hardware and software systems.
Chapters:
- (0:00:06) – Introduction & The Limits of Pen Testing
Steve welcomes Kevin to the show. Kevin breaks down the core difference between a standard penetration test (a rigid, time-boxed checklist of known flaws) and a bug bounty program, which unleashes creative human ingenuity to find completely unknown vulnerabilities.
- (0:02:40) – Inside Bug Bounty Programs & Vetting Ethical Hackers
Kevin highlights Axis Communications’ forward-thinking stance on public and private bug bounty programs. He addresses common misconceptions about the hacking community and explains how Bugcrowd monitors and maintains strict trust frameworks.
- (0:04:30) – The PSTI Act & Online Neighborhood Watch
A deep dive into the UK's Product Security and Telecommunications Infrastructure (PSTI) Act. Kevin explains the mandatory shift toward Vulnerability Disclosure Programs (VDPs) and why giving security researchers a clear, non-monetary path to report bugs is essential for modern business transparency.
- (13:18) – AI as a Target: Data Poisoning and Chatbot Hallucinations
The conversation shifts to large language models (LLMs) and the emerging threat of data poisoning. Kevin shares a fascinating case study on breaking multilingual logic and reviews the infamous Air Canada chatbot legal precedent, demonstrating why organizations must treat AI systems as highly exploitable targets.
- (18:37) – Offensive AI: Lowering the Barrier to Entry?
Steve and Kevin discuss whether generative AI tools allow anyone to become a hacker. They analyze how automation is boosting efficiency in offensive security while simultaneously lowering the technical bar for entry-level malicious cybercriminals.
- (22:22) – Proactive Hardening & The Rise of Hardware Hacking
Kevin outlines the future of Bugcrowd, underscoring the critical necessity of keeping a "human in the loop." He details the surging industry trend of hardware hacking, including real-world stress tests on retail point-of-sale (POS) systems, vehicles, and network-connected physical cameras.
Resources:
- Learn more about the Bugcrowd Platform and crowdsourced security solutions.
- Read about the landmark legal ruling: Moffatt v. Air Canada (2024 BCCRT 149) regarding AI chatbot liability.
- Review official UK government guidance on the Product Security and Telecommunications Infrastructure (PSTI) Regime.
- Explore more about Axis bug bounty program in cooperation with Bugcrowd
Meet your host Steve Kenny:
Steve has spent 15 years in the security sector undertaking various roles that have seen him take responsibility for key elements of mission critical, high profile projects across a number of different vertical markets. For the last several years, Steve has focused his attention on how technologies can best compliment day to day operations and specifically address operational issues by supporting the A&E consultant community across EMEA. Steve is a committee member for ASIS International focusing on Education for the security sector and the UK technology advisor for TINYg (Terrorist Information New York group).
Connect with Steve on LinkedIn
More about Axis Communications: Axis enables a smarter and safer world by improving security, safety, operational efficiency, and business intelligence. As a network technology company and industry leader, Axis offers video surveillance, access control, intercoms, and audio solutions. These are enhanced by intelligent analytics applications and supported by high-quality training.
Axis has around 5,000 dedicated employees in over 50 countries and collaborates with technology and system integration partners worldwide to deliver customer solutions. Axis was founded in 1984, and the headquarters are in Lund, Sweden.
Find out more about Axis Communications - Innovating for a smarter, safer world
