Mergers and Acquisitions, AI/ML, Automated penetration testing

Bugcrowd Acquires Mayhem Security to Advance AI-Augmented Offensive Testing

Bugcrowd has acquired Mayhem Security, a Pittsburgh-based AI-driven offensive security company, in a move that underscores the merging of human expertise and artificial intelligence in modern security testing. The acquisition brings Mayhem’s autonomous testing technology under the Bugcrowd platform, marking a step toward unifying AI-driven automation with crowdsourced human insight.

A Shift Toward Human-Augmented AI Security

As attack surfaces grow more complex, driven by API sprawl, rapid software releases, and opaque supply chains, traditional approaches to vulnerability discovery have become too slow and too reactive. Manual penetration testing and static scanning still play a role, but neither scales effectively in a world where code changes daily.

That’s where Bugcrowd sees the integration of Mayhem’s AI offensive platform as transformative. By combining Mayhem’s autonomous vulnerability discovery and runtime analysis with the creativity and intuition of Bugcrowd’s hacker community, the company is building a continuous feedback loop between machine and human testing.
by vetted security researchers.

Dave Gerry, CEO of Bugcrowd, told ChannelE2E, “The acquisition of Mayhem Security strengthens Bugcrowd’s market position by uniting industry-leading crowdsourced expertise with advanced AI-driven automation. Together, Bugcrowd and Mayhem will create the industry’s first truly adaptive security platform, accelerating discovery, improving accuracy, and scaling testing to help organizations anticipate, test, and defend at unprecedented speed and scale.”

The integration is designed to create a feedback loop where AI identifies and validates vulnerabilities, while human testers add context and creativity that machines can’t replicate. Together, the two approaches promise faster, more accurate testing that scales across the software lifecycle.

How the Mayhem Platform Fits In

Mayhem Security, founded by Carnegie Mellon researchers Dr. David Brumley and Dr. Thanassis Avgerinos, built its reputation on advancing autonomous security systems. Their work earned Mayhem the top spot in DARPA’s 2016 Cyber Grand Challenge - a competition that proved machines could autonomously find and patch vulnerabilities in real time.

That same capability now forms the foundation of Bugcrowd’s new model. “Mayhem’s platform uncovers real, exploitable vulnerabilities with near-zero false positives by combining fuzzing, symbolic execution, and intelligent runtime analysis,” Gerry explained. “Instead of static scans or reports, it actively proves which issues can be exploited, giving developers high-confidence results and faster fixes.”

By embedding this capability into the Bugcrowd platform, customers will start seeing automation layered into vulnerability triage and signal detection - reducing manual noise while improving decision-making. “In the near term,” Gerry added, “customers can expect enhanced automation in vulnerability triage, smarter signal detection from crowdsourced testing, and tighter integration between AI insights and human reporting.”

Building Toward Continuous, Adaptive Security

The acquisition also opens the door for Bugcrowd’s partners and managed security providers to build new testing-as-a-service models that combine automated and human-led testing in one workflow. It’s an approach that fits the MSP and MSSP markets well, where scalable, continuous validation is increasingly demanded by customers facing evolving compliance requirements.

“The acquisition expands Bugcrowd’s ability to help customers reduce their attack surface by combining continuous, automated testing across APIs, code, and software supply chains with Bugcrowd’s post-release crowdsourced security expertise,” Gerry said. “It lays the foundation for meaningful interoperability between automation, AI, and the collective intelligence of the security researcher community, creating a path forward where adversarial insight can be operationalized at scale.”

For Bugcrowd, the long game is clear: a self-learning security platform where human researchers train AI systems that, in turn, make human testers more effective. It’s a convergence of creativity and computation that mirrors what’s happening across the broader cybersecurity landscape, where automation is no longer about replacing humans, but amplifying their reach.

By bringing Mayhem into the fold, Bugcrowd isn’t just adding AI to its platform - it’s changing how vulnerability discovery and remediation are fundamentally orchestrated. Security testing becomes an ongoing, adaptive process that evolves with every new threat, update, and line of code.

In that sense, this acquisition is less about consolidation and more about momentum. It signals where the industry is heading: toward a model where the boundary between human expertise and machine precision no longer exists - only continuous defense.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds