The term grey hat refers to a computer hаcker or computer security expert whose ethical standards fall somewhere between purely altruistic and purely malicious. The term began to be used in the late 1990s, derived from the concepts of "white hat" and "black hat" hаckers. When a white hat hаcker discovers vulnerability, they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so
A further difference among these types of hаcker lies in their methods of discovering vulnerabilities. The white hat breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure it is against hаckers, whereas the black hat will break into any system or network in order to uncover sensitive information and for personal gain. The grey hat generally has the skills and intent of the white hat but will break into any system or network without permission.
According to one definition of a grey-hat hаcker, when they discover vulnerability, instead of telling the vendor how the exploit works, he or she may offer to repair it for a small fee. When one successfully gains illegal access to a system or network, he or she may suggest to the system administrator that one of his or her friends be hired to fix the problem; however, this practice has been declining due to the increasing willingness of businesses to prosecute. Another definition of Grey Hat maintains that Grey Hat hаckers only arguably violate the law in an effort to research and improve security: legality being set according to the particular ramifications of any hаcks they participate in.