Bugcrowd Buys Mayhem Security to Automate Bug Hunting

According to CRN, Bugcrowd announced Tuesday it acquired Mayhem Security to boost its autonomous application testing capabilities. The acquisition brings Mayhem’s 11 employees to Bugcrowd and adds continuous penetration testing for discovering vulnerabilities in APIs and application code. Mayhem Security, formerly known as ForAllSecure, was founded in 2012 and had raised at least $36 million in funding, including a $21 million Series B round in 2022. Bugcrowd CEO Dave Gerry claims this creates the industry’s first “truly adaptive security platform.” This marks Bugcrowd’s second acquisition after their 2024 purchase of Informer for external attack surface management.

Where Automation Meets Human Intelligence

Here’s the thing about automated security testing – it’s great for finding the obvious stuff. But what happens when you combine that with human creativity? That’s exactly what Bugcrowd is betting on. They’re essentially creating a two-pronged approach: automated tools constantly scanning for known vulnerabilities, while their crowd of security researchers looks for the weird, novel stuff that machines might miss.

And let’s be honest, the timing makes sense. With the explosion of APIs and cloud-native applications, manual security testing just doesn’t scale anymore. Companies are deploying code multiple times a day, and traditional penetration testing happens maybe once a quarter. That gap between deployments and testing is where vulnerabilities slip through.

The Reality of Continuous Testing

Now, continuous penetration testing sounds great in theory, but what does it actually mean? Basically, instead of waiting for scheduled security audits, Mayhem’s technology can run constantly against development and production environments. It’s like having a security guard that never sleeps, constantly poking at your applications looking for weaknesses.

But here’s the challenge: false positives. Automated tools can generate tons of noise, and security teams are already overwhelmed. The real test will be how well Bugcrowd integrates Mayhem’s automation with their existing platform to provide actionable insights rather than just more alerts.

Bugcrowd’s Growing Platform Strategy

This isn’t Bugcrowd’s first rodeo when it comes to acquisitions. They picked up Informer last year for attack surface management, and now they’re adding automated testing. They’re clearly building something bigger than just a bug bounty platform – they’re creating a comprehensive security testing ecosystem.

And with their recent launch of AI Connect and Asset View capabilities, they’re positioning themselves as a one-stop shop for organizations wanting to secure their entire digital footprint. It’s a smart move in a market that’s increasingly demanding integrated solutions rather than point products.

So where does this leave the traditional security testing market? Probably feeling some pressure. When you combine the scale of crowd-sourced testing with the efficiency of automation, you’ve got a pretty compelling value proposition. The question is whether other players will follow suit with similar acquisitions, or if Bugcrowd has found a unique formula that’s hard to replicate.
