I would say that it's a hacker without ill intent. It's somebody who will hack into a system to discover a vulnerability and then report it to the system owner and say, “I found this vulnerability in your system and here's how you should fix it.” That's opposed to a hacker who goes in and steals information and then maybe holds it for ransom or damages the system.
On March 28th, 2022. See this statement in context.