What Is a Grey Hat?

By G. Wiesen
Updated: May 17, 2024

A grey hat is a computer security specialist who acts as a hacker in an attempt to penetrate the security of a particular system or network. This type of hacker is usually someone who is not conducting such activity in an effort to be malicious, but instead uses these attacks as research. If a flaw is found in the security of the network, then this type of hacker usually informs the owners of that network or system to instruct them about the nature of the flaw. A grey hat is not someone authorized to attempt to hack into a system, however, so his or her activities may be illegal.

The term “grey hat” stems from the use of the terms “black hat” and “white hat” within the computer security and hacker community. All three terms refer to a type of hacker, a person who uses computer programs and various methods to attempt to circumvent the security of a network or computer system. A white hat is a hacker employed by a company or organization and authorized to attempt to hack into that group’s system to look for flaws or security risks. In contrast, a black hat hacker is someone who hacks into systems without authorization and with malicious intent.

A grey hat is a hacker who falls somewhere between these two groups. This means he or she typically hacks into systems that he or she is not authorized to access, which makes such hacking potentially illegal. If the grey hat hacker does find a security flaw or similar issue, then he or she typically notifies the company or organization about this flaw so that security can be improved. The exact way in which the hacker notifies the group, however, can vary since some companies may pursue legal action against the grey hat hacker.

In deciding how to make this notification, a grey hat hacker usually chooses a position on the spectrum between full disclosure and private use. Full disclosure refers to notification of the general public about a security flaw, including both potential hackers and the company that has the flaw. In contrast, private use would include black hat hackers who find a flaw and then, rather than notifying the company about it, use the information for private, often malicious, purposes. A grey hat hacker typically chooses to act in a way between these two options, by notifying the organization about the flaws it has before releasing information to the general public.

Discussion Comments
By wiesen — On Aug 18, 2011

As far as education goes, you can look into a program on computer security in general or information technology (IT) security. The "hacking" side is often self-taught or provided through other programs.

White hat hackers are the ones who are actually employed by a company, so you may do better researching that term, if you are interested in working in this field. Grey hat hackers are technically breaking the law a fair amount of the time, so it's something of a dangerous field. White hat hackers are paid by a company to attack that company's system and their behavior is legal as they do so.

By Saraq90 — On Aug 18, 2011

@speechie - I had seen a computer security site which was named after this term and in turn had piqued my interest in the term. I have not seen any education programs, but I am not very computer savvy so that is not a surprise.

I did see on this security site that the security company offers education programs to teach a business' employees about security and the latest information on such, but I did not see anything that made me think there was a class to take on becoming a 'grey hat', but it does seem that schools that have Computer Programming degrees would have classes in computer security.

By Speechie — On Aug 17, 2011

I had just been to a history museum so I had thought that grey hat had to do with the Civil War uniforms or maybe a particular officer in the Civil War so I was surprised to find how modern the term is.

So modern that it has to do with hacking. Seeing as how this hacking is not malicious in nature, are there actual programs that teach you how to become a grey hat, or is it a type of self-taught skill?

And how do you get hired? Whenever things have to do with hacking it seems like it would be top secret on some level, but maybe it is not as glamorous as that.
