Crowdsourced cyber security firm Bugcrowd hopes to make good on a plan to “unite the hacker community and the power of AI” after acquiring Mayhem Security, an artificial intelligence (AI) and cyber scaleup founded out of Carnegie Mellon University in Pittsburgh as ForAllSecure back in 2012.
Mayhem – which won the Darpa Cyber Grand Challenge in 2016 and was also the recipient of the first ever DEF CON Black Badge awarded to a non-human entity – pioneered the application of automation, and now AI, to “offensive” security techniques.
Over the years, it has developed and honed a platform that delivers continuous AI-enhanced security testing across application programming interfaces (APIs), code and software bills of material (SBOMs). It also provides reinforcement learning environments for builders of foundational large language models (LLMs) to train AI agents to run, break and test software all on their own.
Bugcrowd said that by folding Mayhem’s platform into its own operation it will augment the ingenuity of its small army of freelance ethical hackers with the speed and precision of AI-powered testing.
Bugcrowd CEO David Gerry described a milestone in the firm’s mission to change how firms approach cyber security. “By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test and defend at unprecedented scale,” he said. “This is a strategic step toward realising our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers’ attack surface.”
David Brumley, Mayhem CEO, and professor of electrical and computer engineering at Carnegie Mellon, said: “For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities.
“Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community,” he added. “Together, we’re redefining modern security testing, helping organisations pre-empt risk, close vulnerabilities faster and eliminate zero-day threats.”
Complex attack surfaces require new approaches
Organisations all over the world are facing increasingly complex attack surfaces, and the rapid delivery of often flawed software, expanding APIs, and opaque supply chains and dependencies, are not helping.
More traditional approaches to this problem have tended to detect vulnerabilities only after deployment, meaning exploitable vulnerabilities are pushed live where increasingly fast-moving threat actors can easily find them before the good guys can fix them.
The approach advocated by Bugcrowd and Mayhem holds that the AI-hacker combo will close this window of opportunity, or even eliminate it. Ultimately, the goal is to help organisations ship safer software faster, more cheaply, and with greater confidence, while shrinking their attack surface at the same time.
“Bugcrowd continues to push the boundaries in modernising cyber security, and the acquisition of Mayhem Security is a testament to that mission,” said Jeff Hinck, co-founder and managing director at Rally Ventures.
“By integrating AI-driven offensive security capabilities with its trusted hacker community, Bugcrowd is delivering a solution that’s not only adaptive, but anticipatory and preemptive, helping organisations stay ahead of threats rather than just react to them.”
Financial terms of the transaction were not disclosed.
