Grey-hats are the logical fusing of black-hat and white-hat hackers, the philosophical middle ground between a pure respect for digital boundaries and a malicious lack of respect for any type of law or privacy. As the name implies, this division is not concrete: there is constant debate as to whether a particular behavior or action should be considered black hat or grey hat.
Like black-hats, grey-hats will often discover vulnerabilities in a public protocol or system and 'release' the vulnerability to the public. A key difference is that grey-hats will work with vendors and often describe the exploit mechanics, at times offering a 'proof-of-concept' model that may be modified, with work, to exploit real-world computers; they do not write easy-to-use, point-and-click programs or step-by-step instructions that the so-called 'script-kiddies' can utilize. In the book Gray Hat Hacking: The Ethical Hacker's Handbook, Shon Harris details what the collective authors feel is one way to draw the philosophical line between white, black and grey hats: "If an individual uncovers a vulnerability and illegally exploits it and/or tells others how to carry this activity out, he is considered a black hat. If an individual uncovers a vulnerability and exploits it with authorization, he is considered a white hat. If a different person uncovers a vulnerability, does not illegally exploit it or tell others how to do it, but works with the vendor - this person gets the label of grey hat" (Harris 46).
This interpretation falls in line with a stricter interpretation of the DMCA, or Digital Millennium Copyright Act, which has heavily influenced the line dividing the grey-hats from their white and black counterparts. Robert Lemos' CNet news article, "The Thin Gray Line", describes how grey-hats, the middle of the ethical spectrum, are "finding their once-acceptable acts, such as informing the public of company security holes, could now land them in jail" (Lemos, para. 6). The vague language of the DMCA has allowed powerful companies and government agencies to crack down on activities that, while they may be ethically benign, are technically illegal; the breaking-in-then-informing approach that grey-hats take is increasingly legally risky. The effect of this legal attack on the grey-hat philosophy is one of polarization. Hackers and security professionals are being pushed to opposing ends of the ethical spectrum, either donning an ethically clean 'white hat' and ceasing to break the strict stipulations of the DMCA, or crossing completely over to 'the dark side' and continuing even more illicit activity.
A particular adaptation of the grey-hat philosophy is known as Hacktivism, the fusing of hacking and online activism.