Bugcrowd acquires Mayhem Security to advance AI-powered security testing

Bugcrowd, a company known for its work in bug bounty and vulnerability disclosure, has announced the acquisition of Mayhem Security, an AI-driven offensive security firm. 

The terms of the deal were not disclosed. 

Organizations are dealing with more complicated cybersecurity risks as they build software faster, add more APIs, and work with many suppliers. Traditional security methods often find problems only after software is already being used, which can leave systems open to attack. Bugcrowd says that to keep up with new threats, companies need to combine the power of artificial intelligence with the knowledge of skilled security experts. By buying Mayhem Security, Bugcrowd plans to bring these tools together in one platform so security testing can happen throughout the entire software process.

Mayhem Security, previously known as ForAllSecure, was founded by David Brumley and Thanassis Avgerinos, both PhDs from Carnegie Mellon University. Mayhem gained recognition after winning the 2016 DARPA Cyber Grand Challenge by deploying an autonomous system able to discover, diagnose, and repair software vulnerabilities in real time, earning the first DEF CON Black Badge for a non-human competitor. Mayhem’s technology is focused on continuous penetration testing, code security, dynamic SBOM (Software Bill of Materials) profiling, and reinforcement learning environments for foundational LLM builders.

With the acquisition complete, all 11 Mayhem Security employees have joined Bugcrowd. Brumley will serve as Bugcrowd’s chief AI and science officer. For Mayhem Security, the opportunity to join Bugcrowd is seen as a way to merge its automation technology with the expertise of the hacker community.

Statements from both companies reinforced the strategy behind the merger. Bugcrowd CEO Dave Gerry characterized the acquisition as a further step in the company’s goal to “transform the way organizations approach cybersecurity,” citing the objective of achieving an adaptive security platform that leverages both human and machine capabilities. Brumley described the partnership as “redefining modern security testing” and supporting efforts to eliminate zero-day vulnerabilities.

Mayhem Security reportedly raised at least $36 million prior to acquisition, including a $21 million Series B round in 2022.

“For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities,” Brumley said in a statement. “Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we’re redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats.”

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.


