Crowdsourced cybersecurity platform company Bugcrowd Inc. today announced that it has acquired Mayhem Security, an artificial intelligence offensive security company, to advance the next generation of humans-in-the-loop, AI-powered security testing.

Founded in 2012, Mayhem Security emerged from research at Carnegie Mellon University to automate the discovery and remediation of software vulnerabilities. The company was founded by cybersecurity researchers includingDavid Brumley and Thanassis Avgerinos, who built capabilities originally to contend in research competitions before commercializing their technology.

Mayhem’s platform leverages AI and autonomous execution to perform offensive security testing that effectively thinks like an attacker across code, applications and runtime environments. The underlying technology uses methods such as symbolic execution and fuzzing to generate test cases that explore deep code paths and trigger exploitable conditions.

The company emphasizes continuous testing and integration into development lifecycles, with support for application programming interfaces, full applications and their runtimes and software bills of materials. For example, Mayhem’s “Dynamic SBOM” capability examines actual runtime behavior rather than only static dependency lists to help organizations remove unused or risky code and third-party dependencies that might expose them to supply-chain threat vectors.

Mayhem serves enterprise-grade customers across sectors including aerospace, automotive, technology and federal agencies, with its autonomous test suite being used for defending complex systems, including weapon systems and high-stakes infrastructure, under contract to government agencies.

Notable Mayhem customers include Cloudflare Inc., Deloitte Touche Tohmatsu Ltd., Roblox Corp., F. Hoffmann-La Roche AG and Rivian Automotive Inc.

With the acquisition, Bugcrowd plans to combine its global hacker community with Mayhem’s AI platform to help organizations ship safer software faster, at lower cost and with greater confidence, while shrinking their attack surface.

Bugcrowd customers will gain automated, proactive protection during development through noise-free testing that continuously finds, prioritizes and validates the remediation of vulnerabilities, complemented by Bugcrowd’s human-driven adversarial testing of deployed software by trusted, highly skilled hackers.

“By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test and defend at unprecedented scale,” said Bugcrowd Chief Executive Dave Gerry. “This is a strategic step toward realizing our vision of an intelligent, self-learning platform that unites human creativity with machine intelligence while shrinking customers’ attack surface.”

Coming into its acquisition, Mayhem Security, formerly known as ForAllSecure Inc., had raised $38 million over three rounds, including $21 million in March 2022. Investors in the company include New Enterprise Associates Inc. and Koch Disruptive Technologies.

Image: Mayhem Security