Bugcrowd Buys Mayhem Security to Automate Bug Hunting

According to CRN, Bugcrowd announced Tuesday that it’s acquiring Mayhem Security to boost its autonomous application testing capabilities. The acquisition brings Mayhem’s 11 employees over to Bugcrowd, though financial terms weren’t disclosed. Mayhem Security, formerly known as ForAllSecure, was founded in 2012 and had raised at least $36 million in funding, including a $21 million Series B round in 2022. The company’s key capabilities include continuous penetration testing for discovering vulnerabilities in APIs and application code. Bugcrowd CEO Dave Gerry says this creates the industry’s first “truly adaptive security platform.” This follows Bugcrowd’s 2024 acquisition of Informer and recent launches of AI Connect and Asset View capabilities.

Where automation meets crowdsourcing

Here’s the thing about crowdsourced security testing: it’s brilliant for finding the edge cases that automated tools miss, but it can be slow and expensive. Automated tools, meanwhile, are great at catching low-hanging fruit quickly but often miss complex vulnerabilities. So what happens when you combine them? Basically, Bugcrowd is betting that Mayhem’s continuous automated testing can handle the routine findings while its human researchers focus on the really tricky security holes.

But can automation really replace human creativity in finding vulnerabilities? That’s the billion-dollar question. Mayhem’s approach uses AI to simulate attacks and find weaknesses automatically, which sounds great in theory. The challenge is that sophisticated attackers are constantly evolving their techniques, and automated systems sometimes struggle to keep up with novel attack vectors.

The funding backstory

Mayhem Security’s $36 million in funding history tells you something important – this isn’t some lightweight startup. They’ve been around since 2012, back when they were called ForAllSecure, and that Series B round in 2022 from heavy hitters like New Enterprise Associates and Koch Disruptive Technologies suggests investors saw real potential in their technology. Now they’re getting acquired rather than raising another round, which makes you wonder about the market for standalone automated security testing tools.

Look, the security testing space is getting crowded, and companies are looking for platforms that can do everything. Bugcrowd’s been on a bit of an acquisition spree lately – they picked up Informer last year for attack surface management, and now they’re adding automated testing. They’re basically building a one-stop shop for security testing, and that’s probably where the market’s heading.

What this actually means for security teams

For security teams drowning in vulnerability reports, this could be a game-changer. Imagine having automated tools constantly scanning your APIs and code while human experts handle the complex stuff. The promise is faster vulnerability remediation without breaking the bank. But there’s always a trade-off – more automation means you’re trusting machines to find security holes, and we’ve all seen how that can go wrong.

The real test will be how well Bugcrowd integrates Mayhem’s technology with their existing platform. Acquisitions in tech often look great on paper but stumble during integration. If they can actually deliver on that “adaptive security platform” promise, it could change how companies approach application security. But that’s a big if – we’ve heard similar promises before, and the security industry is littered with acquisitions that never quite lived up to the hype.
