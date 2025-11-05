Crowdsourced cyber security firm Bugcrowd hopes to make good on a plan to “unite the hacker community and the power of AI” after acquiring Mayhem Security, an artificial intelligence (AI) and cyber scaleup founded out of Carnegie Mellon University in Pittsburgh as ForAllSecure back in 2012.

Mayhem – which won the Darpa Cyber Grand Challenge in 2016 and was also the recipient of the first ever DEF CON Black Badge awarded to a non-human entity – pioneered the application of automation, and now AI, to “offensive” security techniques.

Over the years, it has developed and honed a platform that delivers continuous AI-enhanced security testing across application programming interfaces (APIs), code and software bills of material (SBOMs). It also provides reinforcement learning environments for builders of foundational large language models (LLMs) to train AI agents to run, break and test software all on their own.

Bugcrowd said that by folding Mayhem’s platform into its own operation it will augment the ingenuity of its small army of freelance ethical hackers with the speed and precision of AI-powered testing.

Bugcrowd CEO David Gerry described a milestone in the firm’s mission to change how firms approach cyber security. “By integrating Mayhem’s capabilities into the Bugcrowd Platform, we’re building the industry’s first truly adaptive security platform, enabling customers to anticipate, test and defend at unprecedented scale,” he said. “This is a strategic step toward realising our vision of a self-learning platform that unites human creativity with machine intelligence, while shrinking customers’ attack surface.”

David Brumley, Mayhem CEO, and professor of electrical and computer engineering at Carnegie Mellon, said: “For over a decade, we’ve built technology that thinks and learns like an attacker to autonomously find new vulnerabilities.

“Joining forces with Bugcrowd amplifies that mission by combining AI-driven automation with the creativity and expertise of the global hacker community,” he added. “Together, we’re redefining modern security testing, helping organisations pre-empt risk, close vulnerabilities faster and eliminate zero-day threats.”