Technical Reporter
From luxury hotels to Las Vegas esports arenas, few technical careers let you showcase your skills in exclusive venues around the world, with crowds cheering you on as your name climbs the rankings and your income grows.
But that is what Brandyn Murtagh experienced in his first year as a bug bounty hunter.
Mr Murtagh started gaming and building computers at the age of 10 or 11 and always knew “I wanted to be a hacker or have a security job.”
He started working in a security operations center at 16 and began penetration testing at 20, which also involved testing clients' physical security as well as their computer security: “I had to forge a fake identity and break into the place, and then break into it. It was very interesting.”
But over the past year he has become a full-time bug hunter and independent security researcher, meaning he probes organizations' computer infrastructure for security vulnerabilities. And he hasn't looked back.
Browser pioneer Netscape is considered the first technology company to offer cash “bounties” to security researchers or hackers for discovering flaws or vulnerabilities in its products, back in the 1990s.
Eventually, platforms like Bugcrowd and HackerOne emerged in the United States and Europe to connect hackers with organizations wanting their software and systems tested for security vulnerabilities.
As Bugcrowd founder Casey Ellis explains, hacking is a “morally agnostic skill,” but bug hunters do have to operate within the law.
Platforms like Bugcrowd bring more discipline to the hunting process, allowing companies to set the “scope” of the systems they want targeted. They also run live, on-site hackathons where top bug hunters compete and collaborate to “hammer” systems, showcasing their skills and potentially making big money.
The benefits for companies using platforms such as Bugcrowd are also evident. With 24 million lines of code in its device operating system, vulnerabilities are inevitable, said Andre Bastert, global product manager for Axis OS at Swedish network camera and surveillance equipment company Axis Communications. “We realized that a second pair of eyes is always good.”
With platforms such as Bugcrowd, he said, “you can use hackers as a permanent force.” Mr Bastert said Axis has disclosed and patched as many as 30 vulnerabilities since opening its bug bounty program. The hacker responsible for one of them received a reward of $25,000 (£19,300).
So it can be lucrative. Bugcrowd's highest-earning hacker made more than $1.2 million over the past year.
But while millions of hackers are registered on the main platforms, according to Inti De Ceukelaire, chief hacking officer at Intigriti, the number hunting every day or week is in the “thousands”. The elite tier invited to flagship live events is smaller still.
“A good month looks like a few critical vulnerabilities found, a few highs, a lot of mediums. Ideally, some good payouts,” Mr Murtagh said. But he added: “It doesn't always happen.”
However, with the explosion of artificial intelligence, bug hunters have a whole new attack surface to explore.
Mr Ellis said organizations are racing to gain a competitive advantage from the technology, and that this often has security implications.
“In general, if you implement a new technology quickly and competitively, you don't think about anything else.” Additionally, AI is not only powerful but is “designed to be used by anyone,” he said.
Katie Paxton-Fear, a security researcher and cybersecurity lecturer at Metropolitan University, noted that AI is the first technology to burst onto the scene while a formal bug hunting community was already in place.
Mr De Ceukelaire said this has intensified the competition among hackers. Hackers, ethical or not, can use the technology to speed up and automate their operations, from conducting reconnaissance to identify vulnerable systems, to analyzing flawed code, to suggesting passwords that could compromise a system.
However, modern AI systems' reliance on large language models also means that language skills and manipulation are important parts of the hacker's toolkit.
He said he has used classic police interrogation techniques to unsettle chatbots and make them “crack”.
Mr Murtagh describes using such social engineering techniques on a retailer's chatbot: “I would try to make the chatbot issue a request, or even trigger itself, in order to give me another user's order or other users' data.”
But these systems are also susceptible to more “traditional” web application techniques, he said. “I've had some success with an attack called cross-site scripting, where you can essentially trick the chatbot into rendering a malicious payload that causes all sorts of security problems.”
But the threat does not stop there. Dr Paxton-Fear said that focusing too much on chatbots and large language models can distract from the wider interconnectedness of AI-powered systems.
"If you run into a vulnerability in one system, where will it end up in every other system it connects to? Where do we see the link between them? That's where I look for these flaws."
Dr Paxton-Fear added that there have been no major AI-related data breaches yet, but “I think it's just a matter of time.”
At the same time, the emerging AI industry needs to make sure it embraces bug hunters and security researchers, she said. “Some companies aren't making it any easier for us to do our jobs.”
Even so, this is unlikely to deter bug hunters. As Mr De Ceukelaire said: “Once a hacker, always a hacker.”