Crowdsourced cybersecurity firm Bugcrowd has acquired Mayhem Security, an AI and cyber scaleup. Founded as ForAllSecure in 2012 out of Carnegie Mellon University, Mayhem Security developed advanced AI for offensive security. This acquisition aims to merge the ingenuity of Bugcrowd’s hacker community with Mayhem’s AI capabilities for enhanced security testing.
Mayhem won the DARPA Cyber Grand Challenge in 2016 and received the first DEF CON Black Badge awarded to a non-human entity. The company pioneered applying automation and AI to “offensive” security techniques.
Mayhem’s platform provides continuous AI-enhanced security testing across Application Programming Interfaces (APIs), code, and Software Bills of Materials (SBOMs). It also offers reinforcement learning environments for developers to build foundational Large Language Models (LLMs), training AI agents to autonomously run, break, and test software.
Bugcrowd integrates Mayhem’s platform into its operations, augmenting the ingenuity of Bugcrowd’s freelance ethical hackers with the speed and precision of AI-powered testing. Ethical hackers are security professionals who identify vulnerabilities in systems with permission from the owner.
David Gerry, Bugcrowd CEO, stated the acquisition marks a milestone in the firm’s mission to change how companies approach cybersecurity. “By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test and defend at unprecedented scale,” Gerry said. He emphasized that this move aims to create a self-learning platform that unites human creativity with machine intelligence, shrinking customers’ attack surfaces.
David Brumley, Mayhem CEO and a professor at Carnegie Mellon, commented on the technology: “For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities.” He added that joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the global hacker community’s creativity and expertise. “Together, we’re redefining modern security testing, helping organizations pre-empt risk, close vulnerabilities faster, and eliminate zero-day threats,” Brumley concluded, referring to previously unknown software vulnerabilities that attackers can exploit.
Organizations worldwide face increasingly complex attack surfaces, the collective sum of all potential entry points for unauthorized access. Rapid software delivery, expanding APIs, and opaque supply chains and dependencies exacerbate these challenges.
Traditional security approaches often detect vulnerabilities only after software deployment. This means exploitable flaws enter live environments where fast-moving threat actors can discover them before defenders apply fixes.
Jeff Hinck, co-founder and managing director at Rally Ventures, commented on Bugcrowd’s mission: “Bugcrowd continues to push the boundaries in modernizing cybersecurity, and the acquisition of Mayhem Security is a testament to that mission.” He added, “By integrating AI-driven offensive security capabilities with its trusted hacker community, Bugcrowd is delivering a solution that’s not only adaptive, but anticipatory and preemptive, helping organizations stay ahead of threats rather than just react to them.”
The companies did not disclose the financial terms of the transaction.

