)
Sydney-founded cybersecurity company Bugcrowd has acquiring US-based Mayhem Security, a pioneer in AI offensive security developed by hackers, in a move aimed at advancing the next generation of “humans-in-the-loop”, AI-powered security testing.
Bugcrowd, which last year raised US$102 million ($157 million) to pursue merger and acquisition opportunities, has not disclosed financial details of the transaction.
The company says the combined ingenuity of its global hacker community with Mayhem’s cutting-edge AI platform will help organisations "ship safer software faster, at lower cost and with greater confidence, while shrinking their attack surface”.
The deal accelerates Bugcrowd’s vision to unite the hacker community and the power of AI into a single, adaptive security solution that continuously and proactively finds and fixes new and known vulnerabilities across these attack surfaces.
Bugcrowd, an early participant in the Startmate accelerator program, was founded in Sydney by Casey Ellis in 2012 before relocating the business to the US a year later.
By crowdsourcing ethical hackers, the company has unlocked "an army of allies to outsmart an army of adversaries".
Bugcrowd says organisations globally face increasingly complex attack surfaces, driven by rapid software delivery, expanding APIs (application programming interfaces) and opaque supply chains.
While traditional security approaches often detect vulnerabilities only after deployment, Bugcrowd says it is tackling the problem by combining the scalability and precision of AI with the contextual insight of human-led testing to deliver security that evolves as fast as the threats it defends against.
The company says the integration of Mayhem’s AI-driven automation with Bugcrowd’s crowdsourced testing will redefine how vulnerabilities are discovered and remediated across the software development lifecycle.
“This acquisition represents another milestone in our mission to transform the way organisations approach cybersecurity by combining the collective ingenuity of our global hacker community with the machine speed and precision of AI offensive security testing,” says Bugcrowd CEO Dave Gerry.
“By integrating Mayhem’s capabilities into the Bugcrowd platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test and defend at unprecedented scale.
“This is a strategic step toward realising our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers' attack surface.”
Mayhem Security was founded by Dr David Brumley and Dr Thanassis Avgerinos, cybersecurity innovators who each hold a PhD from Carnegie Mellon University in Pennsylvania.
In 2016, the company won the DARPA Cyber Grand Challenge with an autonomous system capable of discovering, diagnosing and repairing software flaws in real time, later earning the first-ever DEF CON Black Badge awarded to a non-human competitor.
Mayhem’s AI offensive platform delivers continuous security testing across APIs, code, and Software Bill of Materials (SBOM), and provides Reinforcement Learning environments for builders of foundational LLM (large-language models).
“For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities,” says Brumley, the CEO of Mayhem Security.
“Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community.
“Together, we’re redefining modern security testing, helping organisations pre-empt risk, close vulnerabilities faster and eliminate zero-day threats.”
)
