Bugcrowd Acquires Mayhem Security to Bring Human-Augmented AI Automation to Security Testing
This acquisition accelerates Bugcrowd's vision to unite the hacker community and the power of AI into a single, adaptive security solution that continuously and proactively finds and fixes new and known vulnerabilities across the attack surface.
SAN FRANCISCO, Nov. 4, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, today announced the acquisition of Mayhem Security, a pioneer in AI offensive security founded by some of the world's most elite hackers, to advance the next generation of humans-in-the-loop, AI-powered security testing. By combining the ingenuity of its global hacker community with Mayhem's cutting-edge AI platform, Bugcrowd aims to help organizations ship safer software faster, at lower cost, and with greater confidence, while shrinking their attack surface. The terms of the transaction were not disclosed.
Organizations face increasingly complex attack surfaces, driven by rapid software delivery, expanding APIs, and opaque supply chains. Traditional security approaches often detect vulnerabilities only after deployment, leaving exploitable weaknesses in production and exposing businesses to escalating risks from adversaries who operate with increasing speed and sophistication. Addressing these challenges requires a new approach: one that combines the scalability and precision of AI with the contextual insight of human-led testing to deliver security that evolves as fast as the threats it defends against.
The integration of Mayhem's AI-driven automation with Bugcrowd's crowdsourced testing redefines how vulnerabilities are discovered and remediated across the software development lifecycle. Customers will gain automated, proactive protection during development through virtually noise-free testing that continuously finds, prioritizes, and validates the remediation of vulnerabilities, seamlessly complemented by Bugcrowd's proven, human-driven adversarial testing of deployed software by trusted, highly skilled hackers. This marks an industry first, bringing both capabilities together in a unified platform that delivers continuous coverage from development to production. By combining Mayhem's AI offensive security with Bugcrowd's trusted crowdsourced expertise, organizations can continuously reduce their attack surface, eliminate risky code and dependencies, and keep pace with modern adversaries.
"I'm thrilled to welcome Mayhem Security to the Bugcrowd team," said Dave Gerry, CEO of Bugcrowd. "This acquisition represents another milestone in our mission to transform the way organizations approach cybersecurity by combining the collective ingenuity of our global hacker community with the machine speed and precision of AI offensive security testing. By integrating Mayhem's capabilities into the Bugcrowd Platform, we're building the industry's first truly adaptive security platform, enabling customers to anticipate, test, and defend at unprecedented scale. This is a strategic step toward realizing our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers' attack surface."
Mayhem Security was founded by Dr. David Brumley and Dr. Thanassis Avgerinos, two world-renowned cybersecurity innovators who each hold a PhD from Carnegie Mellon University. United by a vision to transform how organizations find and fix vulnerabilities, they've built a platform that blends deep academic research with real-world impact. The company made history in 2016 by winning the DARPA Cyber Grand Challenge with an autonomous system capable of discovering, diagnosing, and repairing software flaws in real time, later earning the first-ever DEF CON Black Badge awarded to a non-human competitor. Today, Mayhem's AI offensive platform delivers continuous security testing across APIs, code, and Software Bill of Materials (SBOM), and provides Reinforcement Learning environments for builders of foundational LLM models.
Mayhem Security currently delivers:
- API Security—Replaces biased and cumbersome manual methods with continuous, automated penetration testing to find, validate, and fix API vulnerabilities with 100% accuracy.
- Code Security—Enables customers to ship or deploy secure code faster and at a lower cost compared to noisy, time-consuming manual testing.
- Dynamic SBOM—Simplifies and accelerates time-to-compliance by profiling runtime applications and automatically identifying and removing risky third-party dependencies and unused code.
- Reinforcement Learning—Trains agents to carry out actions and solve problems by learning to run, break, and pass tests in real software.
"For over a decade, we've built technology that thinks and learns like an attacker to autonomously find new vulnerabilities," said Dr. David Brumley, CEO of Mayhem Security, now Chief AI and Science Officer at Bugcrowd. "Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we're redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats."
"Bugcrowd's acquisition of Mayhem Security marks a strategic evolution in how cybersecurity drives enterprise growth," said Navin Maharaj, Senior Director at KDT. "As software development accelerates and attack surfaces expand, integrated platforms like Bugcrowd's are uniquely positioned to lead. This move strengthens their market presence and amplifies their ability to deliver long-term value across the enterprise landscape."
"Bugcrowd continues to push the boundaries in modernizing cybersecurity, and the acquisition of Mayhem Security is a testament to that mission," said Jeff Hinck, Co-Founder and Managing Director, Rally Ventures. "By integrating AI-driven offensive security capabilities with its trusted hacker community, Bugcrowd is delivering a solution that's not only adaptive but anticipatory and preemptive, helping organizations stay ahead of threats rather than just react to them."
"We believe Mayhem's breakthrough technology and visionary leadership have consistently pushed the boundaries of what's possible in cybersecurity," said Aaron Jacobson, Partner, NEA. "We're excited to see this next chapter unfold with Bugcrowd, as they bring together automation and human insight to deliver a truly differentiated solution for today's evolving threat landscape."
"The future of cybersecurity lies at the intersection of human creativity and machine intelligence," said Mark Crane, Partner, General Catalyst. "The addition of Mayhem's autonomous capabilities strengthens Bugcrowd's position as a driving force in crowdsourced security. We're proud to support a team that's building the next generation of AI-powered, human-in-the-loop security testing."
About Mayhem Security
Mayhem Security (formerly ForAllSecure) is an AI offensive security provider. Founded in 2012 by Carnegie Mellon University researchers, the company has more than a decade of experience in cutting-edge research, education, and product innovation. They have also competed in Capture the Flag (CTF) competitions (DEF CON Black Badge winner) and partnered with K–12 and university programs to strengthen cybersecurity education.
In 2016, Mayhem Security won DARPA's Cyber Grand Challenge for autonomous security, and in 2019, launched its first commercial product, Mayhem. The company is headquartered in Pittsburgh, PA, with Fortune 1000 customers in defense, aerospace, fintech, high tech, and gaming. For more information, visit: www.mayhem.security/
About Bugcrowd
We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.
Unleash the ingenuity of the hacker community with Bugcrowd: visit www.bugcrowd.com.
"Bugcrowd", "CrowdMatch", "Security Knowledge Platform" and "Mayhem" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Contact
ICR for Bugcrowd
press@bugcrowd.com
bugcrowd@icrinc.com
SOURCE Bugcrowd
