Bugcrowd acquired Mayhem Security, a Pittsburgh-based startup known for autonomous security testing, to blend human-led hacking with AI-powered automation and speed up how software vulnerabilities are found and fixed.
The deal announced Tuesday combines Bugcrowd’s global network of ethical hackers with Mayhem’s platform for continuous penetration testing. Mayhem’s platform automatically probes a company’s attack surface for weaknesses in APIs (application programming interfaces) and application code.
Bugcrowd said the integration will create an “adaptive security platform” that delivers nonstop testing from software development through deployment.
Mayhem, founded by Carnegie Mellon researchers and rebranded from ForAllSecure in 2023, built its reputation on automation that “thinks like an attacker.” Its software can autonomously locate and patch vulnerabilities in real time—a concept validated when it won the DARPA Cyber Grand Challenge in 2016.
For Bugcrowd, the acquisition marks a shift toward human-augmented AI security, where crowdsourced hacking and machine intelligence combine to deliver faster results with fewer false positives. It also strengthens Bugcrowd’s position in a competitive testing market that includes platforms such as Synack, HackerOne, and Cobalt, all racing to automate more of the vulnerability discovery process.
Analysts say the move reflects a broader industry trend merging offensive-security expertise with AI automation. A common refrain from traditional security experts is that point-in-time testing no longer keeps pace with continuous development cycles, and companies need tools that adapt as quickly as new code is written.
Stay on point and visit the latest SecPointBreak Marketplace headlines.
