Bugcrowd Acquires AI Security Startup Mayhem to Merge Human Hackers with Machine Intelligence

Bugcrowd acquires AI security startup Mayhem to fuse hacker ingenuity with machine intelligence - SiliconANGLE

Bugcrowd acquires AI security startup Mayhem to fuse hacker ingenuity with machine intelligence Crowdsourced cybersecurity platform company Bugcrowd Inc. today announced that it has acquired Mayhem Security, an artificial intelligence offensive security company, to advance the next generation of humans-in-the-loop, AI-powered security testing. Founded in 2012, Mayhem Security emerged from research at Carnegie Mellon University to automate the discovery and remediation of software vulnerabilities. The company was founded by cybersecurity researchers includingDavid Brumley and Thanassis Avgerinos, who built capabilities originally to contend in research competitions before commercializing their technology. Mayhem's platform leverages AI and autonomous execution to perform offensive security testing that effectively thinks like an attacker across code, applications and runtime environments. The underlying technology uses methods such as symbolic execution and fuzzing to generate test cases that explore deep code paths and trigger exploitable conditions. The company emphasizes continuous testing and integration into development lifecycles, with support for application programming interfaces, full applications and their runtimes and software bills of materials. For example, Mayhem's "Dynamic SBOM" capability examines actual runtime behavior rather than only static dependency lists to help organizations remove unused or risky code and third-party dependencies that might expose them to supply-chain threat vectors. Mayhem serves enterprise-grade customers across sectors including aerospace, automotive, technology and federal agencies, with its autonomous test suite being used for defending complex systems, including weapon systems and high-stakes infrastructure, under contract to government agencies. Notable Mayhem customers include Cloudflare Inc., Deloitte Touche Tohmatsu Ltd., Roblox Corp., F. Hoffmann-La Roche AG and Rivian Automotive Inc. With the acquisition, Bugcrowd plans to combine its global hacker community with Mayhem's AI platform to help organizations ship safer software faster, at lower cost and with greater confidence, while shrinking their attack surface. Bugcrowd customers will gain automated, proactive protection during development through noise-free testing that continuously finds, prioritizes and validates the remediation of vulnerabilities, complemented by Bugcrowd's human-driven adversarial testing of deployed software by trusted, highly skilled hackers. "By integrating Mayhem's capabilities into the Bugcrowd Platform, we're building the industry's first truly adaptive security platform, enabling customers to anticipate, test and defend at unprecedented scale," said Bugcrowd Chief Executive Dave Gerry. "This is a strategic step toward realizing our vision of an intelligent, self-learning platform that unites human creativity with machine intelligence while shrinking customers' attack surface." Coming into its acquisition, Mayhem Security, formerly known as ForAllSecure Inc., had raised $38 million over three rounds, including $21 million in March 2022. Investors in the company include New Enterprise Associates Inc. and Koch Disruptive Technologies.

Bugcrowd Acquires Mayhem Security To Boost Autonomous App Testing

Key capabilities from Mayhem Security include continuous penetration testing for discovering and fixing vulnerabilities in APIs as well as application code, Bugcrowd says. Bugcrowd announced the acquisition Tuesday of Mayhem Security, a longtime provider of autonomous application security testing, in a bid to help accelerate vulnerability remediation. Terms of the acquisition deal weren't disclosed. Mayhem Security has 11 employees, all of whom are joining crowdsourced security provider Bugcrowd, the vendor told CRN. [Related: 10 Cool New Security Products Announced At Black Hat 2025] Formerly known as ForAllSecure, Mayhem Security was founded in 2012 and has been working to enable faster identification of software vulnerabilities through automation, Co-Founder and CEO David Brumley said in a previous interview. Key capabilities from Mayhem Security include continuous, automated penetration testing for discovering and fixing vulnerabilities in APIs as well as application code, Bugcrowd said in a news release. For Bugcrowd, the addition of Mayhem Security's "AI-driven automation" will enable the crowdsourced cybersecurity platform to deliver the industry's "first truly adaptive security platform," Bugcrowd CEO Dave Gerry said in a quote included in the release. Mayhem Security had raised at least $36 million in funding, with the company -- under the former name ForAllSecure -- last raising a $21 million Series B round in 2022 led by New Enterprise Associates and Koch Disruptive Technologies. Prior M&A by Bugcrowd has included the 2024 acquisition of Informer, a veteran provider of external attack surface management capabilities. In August, Bugcrowd unveiled a new offering, AI Connect, aimed at enabling secure integration of AI systems with the company's real-time feeds of vulnerability data. Bugcrowd also debuted its new Asset View capability that brings together asset discovery and management with scanning and offensive testing.