Bugcrowd Acquires Mayhem Security to Advance AI-Driven Security Testing

Bugcrowd announced its acquisition of Mayhem Security, an AI offensive security innovator founded by top-tier ethical hackers, to drive the next evolution of AI-powered, human-augmented security testing. By uniting its global hacker community with Mayhem’s advanced AI platform, Bugcrowd seeks to enable organizations to deliver safer software more quickly and cost-effectively, while reducing their overall attack surface. Terms of the deal were not disclosed.

Organizations face increasingly complex attack surfaces, driven by rapid software delivery, expanding APIs, and opaque supply chains. Traditional security approaches often detect vulnerabilities only after deployment, leaving exploitable weaknesses in production and exposing businesses to escalating risks from adversaries who operate with increasing speed and sophistication. Addressing these challenges requires a new approach: one that combines the scalability and precision of AI with the contextual insight of human-led testing to deliver security that evolves as fast as the threats it defends against.

The integration of Mayhem’s AI-driven automation with Bugcrowd’s crowdsourced testing redefines how vulnerabilities are discovered and remediated across the software development lifecycle. Customers will gain automated, proactive protection during development through virtually noise-free testing that continuously finds, prioritizes, and validates the remediation of vulnerabilities, seamlessly complemented by Bugcrowd’s proven, human-driven adversarial testing of deployed software by trusted, highly skilled hackers. This marks an industry first, bringing both capabilities together in a unified platform that delivers continuous coverage from development to production. By combining Mayhem’s AI offensive security with Bugcrowd’s trusted crowdsourced expertise, organizations can continuously reduce their attack surface, eliminate risky code and dependencies, and keep pace with modern adversaries.

“I’m thrilled to welcome Mayhem Security to the Bugcrowd team,” said Dave Gerry, CEO of Bugcrowd. “This acquisition represents another milestone in our mission to transform the way organizations approach cybersecurity by combining the collective ingenuity of our global hacker community with the machine speed and precision of AI offensive security testing. By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test, and defend at unprecedented scale. This is a strategic step toward realizing our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers’ attack surface.”

Mayhem Security was founded by Dr. David Brumley and Dr. Thanassis Avgerinos, two world-renowned cybersecurity innovators who each hold a PhD from Carnegie Mellon

University. United by a vision to transform how organizations find and fix vulnerabilities, they’ve built a platform that blends deep academic research with real-world impact. The company made history in 2016 by winning the DARPA Cyber Grand Challenge with an autonomous system capable of discovering, diagnosing, and repairing software flaws in real time, later earning the first-ever DEF CON Black Badge awarded to a non-human competitor. Today, Mayhem’s AI offensive platform delivers continuous security testing across APIs, code, and Software Bill of Materials (SBOM), and provides Reinforcement Learning environments for builders of foundational LLM models.

Mayhem Security currently delivers:

API Security—Replaces biased and cumbersome manual methods with continuous, automated penetration testing to find, validate, and fix API vulnerabilities with 100% accuracy.
Code Security—Enables customers to ship or deploy secure code faster and at a lower cost compared to noisy, time-consuming manual testing.
Dynamic SBOM—Simplifies and accelerates time-to-compliance by profiling runtime applications and automatically identifying and removing risky third-party dependencies and unused code.
Reinforcement Learning—Trains agents to carry out actions and solve problems by learning to run, break, and pass tests in real software.

“For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities,” said Dr. David Brumley, CEO of Mayhem Security, now Chief AI and Science Officer at Bugcrowd. “Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we’re redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats.”

“Bugcrowd’s acquisition of Mayhem Security marks a strategic evolution in how cybersecurity drives enterprise growth,” said Navin Maharaj, Senior Director at KDT. “As software development accelerates and attack surfaces expand, integrated platforms like Bugcrowd’s are uniquely positioned to lead. This move strengthens their market presence and amplifies their ability to deliver long-term value across the enterprise landscape.”

“Bugcrowd continues to push the boundaries in modernizing cybersecurity, and the acquisition of Mayhem Security is a testament to that mission,” said Jeff Hinck, Co-Founder and Managing Director, Rally Ventures. “By integrating AI-driven offensive security capabilities with its trusted hacker community, Bugcrowd is delivering a solution that’s not only adaptive but anticipatory and preemptive, helping organizations stay ahead of threats rather than just react to them.”

“We believe Mayhem’s breakthrough technology and visionary leadership have consistently pushed the boundaries of what’s possible in cybersecurity,” said Aaron Jacobson, Partner, NEA.

“We’re excited to see this next chapter unfold with Bugcrowd, as they bring together automation and human insight to deliver a truly differentiated solution for today’s evolving threat landscape.”

“The future of cybersecurity lies at the intersection of human creativity and machine intelligence,” said Mark Crane, Partner, General Catalyst. “The addition of Mayhem’s autonomous capabilities strengthens Bugcrowd’s position as a driving force in crowdsourced security. We’re proud to support a team that’s building the next generation of AI-powered, human-in-the-loop security testing.”

Learn more about how Bugcrowd and Mayhem Security are shaping the future of AI-powered security testing at the website here.

AI Connect and Asset View Unveiled by Bugcrowd