The term "legal hacking" typically refers to activities that are conducted with permission and within the boundaries of the law, often with the aim of identifying security vulnerabilities to improve systems. Based on the options provided, the instance that best describes legal hacking is:
Penetration testing for a company
This involves authorized testing of a company's systems to discover vulnerabilities and is usually performed under a contract or agreement, making it legal.
The other options involve actions that may not be legal (such as hacking a system not covered by a bug bounty program without permission) or are ambiguous in their legality (like grey hat hacking, which involves finding vulnerabilities without authority but can fall into a legal grey area).
"Security hacking is never legal" is incorrect, as there are many scenarios – like penetration testing or ethical hacking – that are explicitly legal when performed with permission.