Bugcrowd expands AI-powered, human-led security with Mayhem Security acquisition

Bugcrowd has announced the acquisition of Mayhem Security to advance the next generation of AI-powered, human-in-the-loop security testing. Bugcrowd aims to help organizations ship safer software faster, at lower cost, and with greater confidence, while shrinking their attack surface. The terms of the transaction were not disclosed.

Organizations face increasingly complex attack surfaces, driven by rapid software delivery, expanding APIs, and opaque supply chains. Traditional security approaches often detect vulnerabilities only after deployment, leaving exploitable weaknesses in production and exposing businesses to escalating risks from adversaries who operate with increasing speed and sophistication.

Addressing these challenges requires a new approach, one that combines the scalability and precision of AI with the contextual insight of human-led testing to deliver security that evolves as fast as the threats it defends against.

The integration of Mayhem’s AI-driven automation with Bugcrowd’s crowdsourced testing redefines how vulnerabilities are discovered and remediated across the software development lifecycle. Customers will gain automated, proactive protection during development through virtually noise-free testing that continuously finds, prioritizes, and validates the remediation of vulnerabilities, seamlessly complemented by Bugcrowd’s human-driven adversarial testing of deployed software by trusted, highly skilled hackers.

By combining Mayhem’s AI offensive security with Bugcrowd’s crowdsourced expertise, organizations can continuously reduce their attack surface, eliminate risky code and dependencies, and keep pace with adversaries.

“This acquisition represents another milestone in our mission to transform the way organizations approach cybersecurity by combining the collective ingenuity of our global hacker community with the machine speed and precision of AI offensive security testing,” said Dave Gerry, CEO of Bugcrowd.

“By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test, and defend at unprecedented scale. This is a strategic step toward realizing our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers’ attack surface,” Gerry continued.

Mayhem Security currently delivers:

  • API security — Replaces biased and cumbersome manual methods with continuous, automated penetration testing to find, validate, and fix API vulnerabilities with 100% accuracy.
  • Code security — Enables customers to ship or deploy secure code faster and at a lower cost compared to noisy, time-consuming manual testing.
  • Dynamic SBOM — Simplifies and accelerates time-to-compliance by profiling runtime applications and automatically identifying and removing risky third-party dependencies and unused code.
  • Reinforcement learning — Trains agents to carry out actions and solve problems by learning to run, break, and pass tests in real software.

“For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities. Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we’re redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats,” said Dr. David Brumley, CEO of Mayhem Security.

“Bugcrowd’s acquisition of Mayhem Security marks a strategic evolution in how cybersecurity drives enterprise growth,” said Navin Maharaj, Senior Director at KDT. “As software development accelerates and attack surfaces expand, integrated platforms like Bugcrowd’s are uniquely positioned to lead. This move strengthens their market presence and amplifies their ability to deliver long-term value across the enterprise landscape.”
