Episode 18

full
Published on:

14th Jul 2026

The Hacker Blueprint: Crowdsourcing Cybersecurity and the Reality of AI Targets

In this live recording of Security Tech Talk, host Steve Kenny explores the rapidly evolving world of offensive cybersecurity with Kevin Kersley, Regional Director for EMEA at Bugcrowd. Fresh off being featured by the BBC, Kevin shares how Bugcrowd connects global organizations with a massive network of ethical hackers to identify hidden vulnerabilities before malicious actors can exploit them.

Steve and Kevin dive deep into the fundamental shift from traditional penetration testing to continuous crowdsourced security. They unpack the real-world implications of the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act, examine how malicious actors are moving from "AI as a threat" to "AI as a target" via data poisoning, and discuss why leading physical security manufacturers like Axis Communications are championing transparent public and private bug bounty programs.

About Our Guest:

  • Kevin Kersley: Regional Director across EMEA for Bugcrowd. Kevin is an expert in crowdsourced threat intelligence, helping enterprises navigate compliance, manage vulnerability disclosure programs (VDPs), and harness the ingenuity of the global ethical hacking community to secure both hardware and software systems.

Chapters:

  • (0:00:06) – Introduction & The Limits of Pen Testing

Steve welcomes Kevin to the show. Kevin breaks down the core difference between a standard penetration test (a rigid, time-boxed checklist of known flaws) and a bug bounty program, which unleashes creative human ingenuity to find completely unknown vulnerabilities.

  • (0:02:40) – Inside Bug Bounty Programs & Vetting Ethical Hackers

Kevin highlights Axis Communications’ forward-thinking stance on public and private bug bounty programs. He addresses common misconceptions about the hacking community and explains how Bugcrowd monitors and maintains strict trust frameworks.

  • (0:04:30) – The PSTI Act & Online Neighborhood Watch

A deep dive into the UK's Product Security and Telecommunications Infrastructure (PSTI) Act. Kevin explains the mandatory shift toward Vulnerability Disclosure Programs (VDPs) and why giving security researchers a clear, non-monetary path to report bugs is essential for modern business transparency.

  • (13:18) – AI as a Target: Data Poisoning and Chatbot Hallucinations

The conversation shifts to large language models (LLMs) and the emerging threat of data poisoning. Kevin shares a fascinating case study on breaking multilingual logic and reviews the infamous Air Canada chatbot legal precedent, demonstrating why organizations must treat AI systems as highly exploitable targets.

  • (18:37) – Offensive AI: Lowering the Barrier to Entry?

Steve and Kevin discuss whether generative AI tools allow anyone to become a hacker. They analyze how automation is boosting efficiency in offensive security while simultaneously lowering the technical bar for entry-level malicious cybercriminals.

  • (22:22) – Proactive Hardening & The Rise of Hardware Hacking

Kevin outlines the future of Bugcrowd, underscoring the critical necessity of keeping a "human in the loop." He details the surging industry trend of hardware hacking, including real-world stress tests on retail point-of-sale (POS) systems, vehicles, and network-connected physical cameras.

Resources:

Meet your host Steve Kenny:

Steve has spent 15 years in the security sector undertaking various roles that have seen him take responsibility for key elements of mission critical, high profile projects across a number of different vertical markets. For the last several years, Steve has focused his attention on how technologies can best compliment day to day operations and specifically address operational issues by supporting the A&E consultant community across EMEA. Steve is a committee member for ASIS International focusing on Education for the security sector and the UK technology advisor for TINYg (Terrorist Information New York group).

Connect with Steve on LinkedIn

More about Axis Communications: Axis enables a smarter and safer world by improving security, safety, operational efficiency, and business intelligence. As a network technology company and industry leader, Axis offers video surveillance, access control, intercoms, and audio solutions. These are enhanced by intelligent analytics applications and supported by high-quality training.

Axis has around 5,000 dedicated employees in over 50 countries and collaborates with technology and system integration partners worldwide to deliver customer solutions. Axis was founded in 1984, and the headquarters are in Lund, Sweden.

Find out more about Axis Communications - Innovating for a smarter, safer world

https://www.axis.com/

Show artwork for Security Tech Talk

About the Podcast

Security Tech Talk
Conversations with security industry disruptors and innovators
We talk to security industry leaders, disruptors, and innovators with strong views and opinions on the future of topics like physical security, smart buildings, artificial intelligence, cybersecurity and more. We dig into the latest tech trends, explore how security is shaping the world, and delve into those tricky regulations (like NIS2, the Cyber Resilience Act, the EU Artificial Intelligence Act, the UK's Product Security, Telecommunications, Infrastructure Act and more) that keep everyone on their toes. We are here to talk about technology trends, explore the big issues facing the security industry, and provide valuable insights that will support you and your business. Join us as we uncover important information to help you come away feeling well-educated and prepared for the future. This podcast is brought to you by Axis Communications Inc. - innovating for a smarter, safer world.

About your host

Profile picture for Steven Kenny

Steven Kenny

Steven Kenny – Manager, Architecture & Engineering Program – EMEA, Axis Communications.
With two decades of experience in the security industry, Steven Kenny has played active roles in numerous high-profile projects, both domestically and internationally. Over the last eleven years, his focus has been on understanding how security technologies can best support business security strategies, all while advocating for the heightened importance of cybersecurity and compliance within the physical security field.

Currently leading a team of Architect and Engineering managers across the EMEA region, Steven remains committed to contributing positively to global security practices. He is actively involved in industry associations and international standards organizations, seeking to collaboratively shape the landscape of security.

In a more behind-the-scenes capacity, Steven has provided consultative support to a national steering group instrumental in establishing the Secure by Design, Secure by Default certification. His close collaboration with the UK Surveillance Camera Commissioner reflects his dedication to enhancing standards in the physical security sector. As a speaker at international security conferences, Steven has modestly shared insights that have contributed to the industry's development and the identification of key technology trends.

Beyond his professional commitments, Steven has volunteered his expertise, previously serving as Director of Systems, Information, and Cyber Security for ASIS International and the UK chapter, before being elected as a board director. He also serves on the EMEA Advisor Council as the emerging technology lead for TiNYg (Global Terrorism Information Network). Additionally, he contributes to various standards committees supporting IoT security and plays a role in the BSI Private Security Management and Services. Steven Kenny's humble dedication has made a meaningful impact on the global security landscape, positioning him as a valued contributor to the industry.