Bugcrowd acquires Mayhem to blend AI automation with human expertise

Bugcrowd has announced the acquisition of Mayhem Security to integrate human ingenuity with AI automation in cybersecurity testing.

The acquisition aligns with Bugcrowd's objective to create a comprehensive security platform that merges the skills of its global hacker community with Mayhem Security's automation technology. Financial details regarding the acquisition have not been disclosed.

Security landscape

Organisations face an increasingly complex cyber threat environment, influenced by the rapid pace of software development, the proliferation of application programming interfaces (APIs), and complex supply chains. Many existing security solutions only detect vulnerabilities after software deployment, which can leave gaps that adversaries exploit.

The need for approaches that adapt rapidly to new risks has driven demand for solutions that blend AI scalability and human insight. Bugcrowd aims to address these challenges by combining automated and human-led testing throughout the software lifecycle.

Integration of AI and human testing

The integration will allow Bugcrowd's customers to employ Mayhem Security's AI-driven automation for early vulnerability detection, while leveraging adversarial testing by human hackers for deployed software. This system is intended to provide continuous security coverage from development through to production stages.

According to Bugcrowd, the combined platform will "find, prioritise, and validate remediation of vulnerabilities," reducing manual effort and supporting ongoing protection.

"I'm thrilled to welcome Mayhem Security to the Bugcrowd team," said Dave Gerry, CEO of Bugcrowd. "This acquisition represents another milestone in our mission to transform the way organizations approach cybersecurity by combining the collective ingenuity of our global hacker community with the machine speed and precision of AI offensive security testing. By integrating Mayhem's capabilities into the Bugcrowd Platform, we're building the industry's first truly adaptive security platform, enabling customers to anticipate, test, and defend at unprecedented scale. This is a strategic step toward realizing our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers' attack surface."

Capabilities of Mayhem Security

Mayhem Security delivers automated penetration testing for APIs, code security with continuous testing, dynamic software bill of materials (SBOM) profiling, and reinforcement learning for software. Its AI platform is designed to support the secure delivery of software at reduced cost and time.

The company was founded by Dr. David Brumley and Dr. Thanassis Avgerinos, both holding doctorates from Carnegie Mellon University. Mayhem Security gained industry recognition after winning the DARPA Cyber Grand Challenge in 2016 with its autonomous system, also becoming the first non-human recipient of a DEF CON Black Badge. Its platform serves sectors such as defence, aerospace, fintech, high tech, and gaming.

"For over a decade, we've built technology that thinks and learns like an attacker to autonomously find new vulnerabilities. Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we're redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats." Dr. David Brumley, CEO of Mayhem Security

Industry perspectives

Industry observers see the move as a response to the expanding attack surface faced by enterprises. The integration of technology and community-driven expertise has been highlighted as a potential advantage for organisations seeking pre-emptive risk management strategies.

"Bugcrowd's acquisition of Mayhem Security marks a strategic evolution in how cybersecurity drives enterprise growth," said Navin Maharaj, Senior Director at KDT. "As software development accelerates and attack surfaces expand, integrated platforms like Bugcrowd's are uniquely positioned to lead. This move strengthens their market presence and amplifies their ability to deliver long-term value across the enterprise landscape."

"Bugcrowd continues to push the boundaries in modernizing cybersecurity, and the acquisition of Mayhem Security is a testament to that mission," said Jeff Hinck, Co-Founder and Managing Director, Rally Ventures. "By integrating AI-driven offensive security capabilities with its trusted hacker community, Bugcrowd is delivering a solution that's not only adaptive but anticipatory and preemptive, helping organizations stay ahead of threats rather than just react to them."

"We believe Mayhem's breakthrough technology and visionary leadership have consistently pushed the boundaries of what's possible in cybersecurity," said Aaron Jacobson, Partner, NEA. "We're excited to see this next chapter unfold with Bugcrowd, as they bring together automation and human insight to deliver a truly differentiated solution for today's evolving threat landscape."

"The future of cybersecurity lies at the intersection of human creativity and machine intelligence," said Mark Crane, Partner, General Catalyst. "The addition of Mayhem's autonomous capabilities strengthens Bugcrowd's position as a driving force in crowdsourced security. We're proud to support a team that's building the next generation of AI-powered, human-in-the-loop security testing."