Bugcrowd has announced the acquisition of Mayhem Security, an AI offensive security pioneer founded by Carnegie Mellon University researchers Dr. David Brumley and Dr. Thanassis Avgerinos. The acquisition accelerates Bugcrowd’s mission to integrate human ingenuity with AI-driven automation, creating an adaptive security platform that continuously identifies and mitigates vulnerabilities throughout the software development lifecycle. Terms of the deal were not disclosed.
Through this acquisition, Bugcrowd is combining its global hacker community with Mayhem’s AI offensive security technology to help organizations build and ship software more securely and efficiently. The unified platform will provide end-to-end coverage, from proactive vulnerability detection during development to adversarial testing in production.
Traditional security testing often fails to identify vulnerabilities until after deployment, leaving systems exposed to advanced adversaries. Bugcrowd’s new approach leverages both AI and human expertise to deliver continuous, contextual, and scalable protection. By integrating Mayhem’s AI-driven automation into its crowdsourced model, Bugcrowd aims to minimize noise, prioritize vulnerabilities more effectively, and accelerate remediation timelines across APIs, code, and software dependencies.
Mayhem Security brings a deep pedigree in autonomous security testing. Its platform is known for capabilities including automated API penetration testing, code security analysis, and dynamic Software Bill of Materials (SBOM) management. It also provides reinforcement learning environments that train AI agents to identify and repair vulnerabilities autonomously. The company gained international recognition in 2016 after winning DARPA’s Cyber Grand Challenge for autonomous systems, and later became the first non-human DEF CON Black Badge winner.
Following the acquisition, Dr. Brumley will serve as Chief AI and Science Officer at Bugcrowd. The combination of Bugcrowd’s human-led expertise and Mayhem’s machine-driven capabilities represents what the companies describe as the next evolution of adaptive cybersecurity—where human creativity and artificial intelligence work in tandem to preempt, not just respond to, threats.
KEY QUOTES:
“I’m thrilled to welcome Mayhem Security to the Bugcrowd team. This acquisition represents another milestone in our mission to transform the way organizations approach cybersecurity by combining the collective ingenuity of our global hacker community with the machine speed and precision of AI offensive security testing. By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test, and defend at unprecedented scale. This is a strategic step toward realizing our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers’ attack surface.”
Dave Gerry, CEO of Bugcrowd
“For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities. Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community. Together, we’re redefining modern security testing, helping organizations preempt risk, close vulnerabilities faster, and eliminate zero-day threats.”
Dr. David Brumley, CEO of Mayhem Security, now Chief AI and Science Officer at Bugcrowd
“Bugcrowd’s acquisition of Mayhem Security marks a strategic evolution in how cybersecurity drives enterprise growth. As software development accelerates and attack surfaces expand, integrated platforms like Bugcrowd’s are uniquely positioned to lead. This move strengthens their market presence and amplifies their ability to deliver long-term value across the enterprise landscape.”
Navin Maharaj, Senior Director at KDT
“Bugcrowd continues to push the boundaries in modernizing cybersecurity, and the acquisition of Mayhem Security is a testament to that mission. By integrating AI-driven offensive security capabilities with its trusted hacker community, Bugcrowd is delivering a solution that’s not only adaptive but anticipatory and preemptive, helping organizations stay ahead of threats rather than just react to them.”
Jeff Hinck, Co-Founder and Managing Director, Rally Ventures
“We believe Mayhem’s breakthrough technology and visionary leadership have consistently pushed the boundaries of what’s possible in cybersecurity. We’re excited to see this next chapter unfold with Bugcrowd, as they bring together automation and human insight to deliver a truly differentiated solution for today’s evolving threat landscape.”
Aaron Jacobson, Partner, NEA
“The future of cybersecurity lies at the intersection of human creativity and machine intelligence. The addition of Mayhem’s autonomous capabilities strengthens Bugcrowd’s position as a driving force in crowdsourced security. We’re proud to support a team that’s building the next generation of AI-powered, human-in-the-loop security testing.”
Mark Crane, Partner, General Catalyst
