Champion Ethical Hacker Voices Concern Over AI Impact on Competitive Hacking
Valentina Palmiotti, known in the hacking community as Chompie, recently emerged as the most successful individual at the prestigious Pwn2Own hacking competition held in Berlin. Despite her success, she expressed concerns that the rise of advanced AI tools such as Claude Mythos could soon limit opportunities for human ethical hackers like herself.
Chompie explained to that, at present, AI tools assist her in securing "bug bounties"—monetary rewards given to hackers who identify vulnerabilities in online systems before malicious actors exploit them. However, she warned that systems like Mythos are so advanced that even top-tier hackers may struggle to compete with their capabilities in the near future.
AI's influence on the cybersecurity landscape has been profound, with particular attention on Mythos. Developed by Anthropic, the model reportedly has identified 1,600 vulnerabilities across hundreds of software programs. Due to its potential risks, Anthropic restricts Mythos's release to select governments and cybersecurity institutions.
Pwn2Own, organized by the ZeroDay Initiative, invites ethical hackers worldwide to uncover vulnerabilities in designated products. This year, nearly $1.3 million (£970,000) was awarded to participants who collectively discovered 47 new hacking techniques targeting various programs, websites, and software. All identified flaws have been responsibly reported to the affected companies, which are actively addressing these security gaps before cybercriminals can exploit them.
On the first day of the contest, Chompie successfully demonstrated a hack on a system associated with Nvidia, earning $20,000. She described entering "zombie hacker mode" to prepare for subsequent challenges.
"As soon as I won the first prize I ran back to my hotel room to keep working on the other one. I worked from 6pm til 6am and didn't sleep," she said.
The effort paid off, as footage from the event shows her appearing both happy and exhausted on stage after successfully hacking a Linux-based system, which earned her $50,000.
Chompie characterized "zombie hacker mode" as an intense period of research and testing fueled by energy drinks and adrenaline, often while wearing a black hoodie.
"It's not healthy," she laughed, "but it was necessary."
This year, many champions, including Chompie, have incorporated AI tools to aid them during these demanding periods. She noted that tools like Claude Code have enabled her to work more efficiently both in competitions and in her role as a security researcher at IBM X-Force.
She described the current environment as a "sweet spot" where AI serves as an aid to hackers. However, she anticipates that new models such as Claude Mythos and GPT 5.5 Cyber will soon shift the balance.
"I competed in Pwn2Own this year because I thought it might be my last chance," she explained.
"That isn't to say that I think that there's going to be no room for security research or ethical hacking, but I think that a lot of the lower-hanging fruit will start to go away."
Chompie, who was the joint-first woman to compete in the 2024 Pwn2Own, suggested that while good or great hackers may soon be less needed, only the very best will continue to find new bugs and claim prizes.
In this elite category, she mentioned individuals like Orange Tsai, another prominent winner in Berlin with numerous previous hacking accolades.
Tsai, a hacker from Taiwan who prefers to keep his real name private, led his team to win $375,000 (£278,000) by uncovering highly complex hacking pathways.
He expressed a more optimistic view regarding the future of human bug hunters.
"For me, AI feels more like a really awesome assistant that helps accelerate my research workflow," he said.
"During research I usually come up with many interesting ideas, but unfortunately I still need to sleep, so I can't test everything one by one. AI can finally help free my hands," he added.
Orange Tsai acknowledged that AI is raising the bar but remains hopeful that human creativity and intuition will continue to identify vulnerabilities that AI tools might overlook.
Implications for Malicious Hackers
With AI making it more challenging for ethical hackers to find system vulnerabilities, questions arise about the impact on criminal hackers.
Research indicates that cybercriminals are increasingly employing AI to accelerate their attacks and, in some cases, develop new methods to breach systems for data theft and ransomware operations.
Nevertheless, the majority of cyber-attacks still rely on well-established, simpler techniques that do not require discovering new bugs. These include phishing and social engineering tactics, where attackers send deceptive emails to employees, tricking them into clicking malicious links that grant access to company systems.
Chompie believes that AI tools will ultimately make it harder for all hackers, which she views as beneficial for internet security.
"I think that the tide is turning against offensive hackers. I think defence stands to gain a lot from this capability," she said.
However, she emphasized that the advantages AI offers to cybersecurity defenders will only materialize if such technologies are released responsibly.
She argued that ethical hackers must have access to the most powerful AI tools first to identify and remediate vulnerabilities before malicious actors do.
for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? here.
