What’s a Gray Hat?




A gray hat is a hacker who attempts to penetrate the security of a system or network for research purposes and informs the owners of any breaches. They are not authorized to hack and their activities may be illegal. The term comes from “black hat” and “white hat” hackers, with the former being malicious and the latter authorized by companies. Gray hats fall in between and typically choose to notify the organization of flaws before releasing information to the public.

A gray hat is a computer security specialist who acts like a hacker in an attempt to penetrate the security of a particular system or network. This type of hacker is usually someone who isn’t conducting such activity in an attempt to be malicious, but instead uses these attacks as research. If a network security breach is discovered, this type of hacker usually informs the owners of that network or system to educate them about the nature of the breach. However, a gray hat is not a person authorized to attempt to hack a system, so his or her activities may be illegal.

The term “gray hat” comes from the use of the terms “black hat” and “white hat” within the computer security and hacker community. All three terms refer to a type of hacker, a person who uses computer programs and various methods to attempt to evade the security of a network or computer system. A white hat is a hacker employed by a company or organization and authorized to attempt to break into that group’s system to look for flaws or security risks. Conversely, a black hat hacker is someone who accesses systems without permission and with malicious intent.

A gray hat is a hacker who falls somewhere between these two groups. This means that he typically accesses systems that he is not authorized to access, which makes such hacking potentially illegal. If the gray hat hacker finds a security flaw or similar problem, he typically informs the company or organization of this flaw so that security can be improved. Exactly how the hacker informs the group, however, can vary as some companies may take legal action against the gray hat hacker.

When deciding how to give this notification, a gray hat hacker usually makes a choice somewhere on the spectrum between full disclosure and private use. Full disclosure refers to notifying the general public of a security flaw, including both potential hackers and the company that has the flaw. In contrast, private use describes black hat hackers who find a flaw and do not tell the business, instead using the information for private, often malicious purposes. A gray hat hacker typically chooses a course between these two options, notifying the organization of the flaws he has found before releasing information to the general public.



