Hack The Box workforce shift

Hack The Box said on May 19 that a new report based on 702,226 cybersecurity professionals across 251 countries and territories shows AI penetration testing has moved into the top tier of global training priorities. The company said the findings were drawn from anonymized platform data collected between mid-March and early December 2025, alongside activity from about 1,500 users working in AI and machine-learning labs. The report points to two linked developments: rising demand for AI-focused offensive testing and broader overlap between defensive and offensive training paths. Hack The Box founder and CEO Haris Pylarinos said the split is emerging between teams that can operationalize AI and those that cannot. ### Why did AI penetration testing climb so high on the list? Hack The Box said AI penetration testing now ranks No. 4 among global training interests. The report said that rise reflects demand for skills tied to prompt injection, model exploitation and agentic AI hijacking, which it identified as the top three AI attack vectors in its data. The company said organizations are putting more resources into proactive AI security capabilities as those attack paths become more relevant in day-to-day operations. In a May 19 blog post, Pylarinos said AI is creating “a divide between teams that can operationalize it and those that can’t.” ### What do the red-team and blue-team numbers show? The report said 77% of defensive practitioners are training in offensive skills. Hack The Box also said 44% of offensive professionals are building defensive skills, a pattern it described as more integrated cybersecurity skill development. Those figures suggest employers and practitioners are putting less weight on rigid separation between red and blue roles. The report ties that overlap to changing workflows, where practitioners are expected to understand both attack methods and defensive operations as AI tools spread across security teams. ### How broad is the dataset behind the report? Hack The Box said the analysis covers 702,226 cybersecurity professionals in 251 countries and territories. The company said the report combines self-declared training interests with activity-based insights from approximately 1,500 users engaging with AI and machine-learning labs. The company described the dataset as one of the largest global snapshots of cybersecurity talent. The report also said India and the United States together account for nearly 28% of training interest, underscoring the scale of U.S. demand and India’s growth as a talent market. ### What does Hack The Box say companies should take from it? Haris Pylarinos said in the company’s release that the gap between teams that can use AI and those that cannot “directly translates into risk.” Hack The Box said the findings should push CISOs and workforce planners to rethink how they structure teams, train staff and measure readiness. The company’s materials also point to employer-led programs as a driver of engagement, citing enterprise benchmarks with team engagement above 80%. That places the emphasis on organized upskilling rather than ad hoc individual learning, according to the report. ### Where does this show up in day-to-day security work? The report said AI-related training demand is concentrating around concrete abuse cases rather than general familiarity with AI tools. Hack The Box identified prompt injection, model exploitation and agentic AI hijacking as the leading attack areas attracting attention from learners. That focus aligns with the broader crossover in training paths. A defender learning offensive techniques is more likely to test AI systems for failure modes, while an offensive specialist adding defensive skills is more likely to understand monitoring, hardening and response requirements around those systems, according to the report. ### What comes next for readers who want the underlying data? Hack The Box published the Cybersecurity Workforce Intelligence Report on May 19 on its resources site and report download page. The company’s release and report say the findings are based on data gathered between mid-March and early December 2025, with named participants including Pylarinos and enterprise teams tracked in the company’s benchmarks.