What Is a Grey Hat?

G. Wiesen

A grey hat is a computer security specialist who acts as a hacker in an attempt to penetrate the security of a particular system or network. This type of hacker is usually someone who is not conducting such activity in an effort to be malicious, but instead uses these attacks as research. If a flaw is found in the security of the network, then this type of hacker usually informs the owners of that network or system to instruct them about the nature of the flaw. A grey hat is not someone authorized to attempt to hack into a system, however, so his or her activities may be illegal.

Grey hat hackers usually attempt to penetrate computer security systems for non-malicious reasons.

The term “grey hat” stems from the use of the terms “black hat” and “white hat” within the computer security and hacker community. All three terms refer to a type of hacker, a person who uses computer programs and various methods to attempt to circumvent the security of a network or computer system. A white hat is a hacker employed by a company or organization and authorized to attempt to hack into that group’s system to look for flaws or security risks. In contrast, a black hat hacker is someone who hacks into systems without authorization and with malicious intent.

A grey hat is not authorized to attempt to hack into a system.

A grey hat is a hacker who falls somewhere between these two groups. This means he or she typically hacks into systems that he or she is not authorized to access, which makes such hacking potentially illegal. If the grey hat hacker does find a security flaw or similar issue, then he or she typically notifies the company or organization about this flaw so that security can be improved. The exact way in which the hacker notifies the group, however, can vary since some companies may pursue legal action against the grey hat hacker.

This type of notification usually results in a grey hat hacker choosing a position on the spectrum between full disclosure and private use. Full disclosure refers to notifying the general public about a security flaw, which informs both potential hackers and the company that has the flaw. In contrast, private use describes black hat hackers who find a flaw and then, rather than notifying the company, use the information for private, often malicious, purposes. A grey hat hacker typically acts somewhere between these two options, notifying the organization about its flaws before releasing information to the general public.


Discussion Comments


As far as education goes, you can look into a program on computer security in general or information technology (IT) security. The "hacking" side is often self-taught or provided through other programs.

White hat hackers are the ones who are actually employed by a company, so you may do better researching that term if you are interested in working in this field. Grey hat hackers are technically breaking the law a fair amount of the time, so it's something of a dangerous field. White hat hackers are paid by a company to attack that company's system, and their behavior is legal as they do so.


@speechie - I had seen a computer security site which was named after this term, and that in turn had piqued my interest in the term. I have not seen any education programs, but I am not very computer savvy, so that is not a surprise.

I did see on this security site that the security company offers education programs to teach a business' employees about security and the latest information on such, but I did not see anything that made me think there was a class to take on becoming a 'grey hat'. It does seem, though, that schools that have Computer Programming degrees would have classes in computer security.


I had just been to a history museum, so I had thought that grey hat had to do with the Civil War uniforms or maybe a particular officer in the Civil War, so I was surprised to find how modern the term is.

So modern that it has to do with hacking. Seeing as how this hacking is not malicious in nature, are there actual programs that teach you how to become a grey hat, or is it a type of self-taught skill?

And how do you get hired? Whenever things have to do with hacking it seems like it would be top secret on some level, but maybe it is not as glamorous as that.
