Bugcrowd secures $156.2 million for its crowdsourced cybersecurity platform

Crowdsourced security startup Bugcrowd has successfully secured $156.2 million (US$102 million) in strategic growth financing at an undisclosed valuation — a move that propels the company into a new phase of global expansion and innovation in cybersecurity solutions.

This funding round was led by US investors General Catalyst, Costanoa, and Rally Ventures and follows on from a successful Series D back in 2020. As a part of the deal, Mark Crane, Partner at General Catalyst, and Paul Sagan, Senior Advisor at General Catalyst, will join the Bugcrowd board of directors.

Bugcrowd’s platform connects organisations with a global network of ethical hackers to identify vulnerabilities before they can be exploited. Companies use Bugcrowd to launch bug bounty, vulnerability disclosure and penetration testing programs, which are designed according to their specific security requirements. Security researchers, also known as white hat or ethical hackers, participate in these programs by submitting vulnerability reports through the platform.

Upon submission, each vulnerability is validated and prioritised by Bugcrowd’s team to ensure that clients receive actionable and accurate security insights.

The idea for Bugcrowd came from humble beginnings, with the idea for the company being spitballed over beers and laksa in Sydney back in 2012. Since then it had a stint at Startmate before spending the past decade collecting round after round in successful funding and growing substantially in the global security and white hat hacker space.

The appetite for cybersecurity services is higher than ever

The cybersecurity stakes have been higher than ever over the past few years in Australia. Major breaches from Optus and Medibank have sparked renewed concern around cybersecurity across big and small businesses alike.

According to Dave Gerry, CEO of Bugcrowd, the company has seen an increase in spend despite the current turbulent economic climate and belt tightening within businesses.

“Customers are spending more than they ever have. They’re adding to their programs. And I think for us, it’s an indication that they’re actually getting the value that we think we’re providing. They are renewing at rates higher than we’ve ever seen,” Gerry said.

“So we’re seeing a tremendous amount of growth on the customer side without seeing the indicators of an economic downturn. And this isn’t just the US market or Australia. It’s what we’re seeing globally across every single vertical and every single segment.”

In 2024, Gerry says to the exploitation of AI and supply chain will be under the microscope when it comes to cyber security risks.

“AI, it’s it’s a tool, it’s a threat, it’s a risk. It’s something that can be a huge benefit,” Gerry said.

“But specifically around security, there’s concern around the safety of AI. How do you look at safety issues and bias issues the same way that you would look at a security vulnerability?”

Gerry points out that these days, the time from zero day to an exploit can be under 24 hours, whereas previously it could be one to two weeks. And that’s due to the help of AI doing a lot of the leg work.

“Anybody can be an adversary when AI is doing a lot of the scripting work that you needed to have some technical chops to be able to do previous to this,” Gerry said.

When it comes to supply chain, Bugcrowd is seeing increased customer concern around what happens if there is a weak link.

“You may have the best security program in the world. But if you have an API integration with a small piece of code that you may not even know about as the chief security officer, that can leave you susceptible if that partner doesn’t have the right security practices and the right security expertise in house,” Gerry said.

The future of Bugcrowd lies in innovation, mergers and acquisitions

Looking ahead, Bugcrowd is set to introduce new technological innovations and enhancements to its platform. The integration of advanced AI and machine learning technologies aims to revolutionise the efficiency and accuracy of vulnerability detection, providing predictive insights to preempt cyber threats.

One of the biggest changes will be making the platform easier to use for real large businesses with complex requirements.

“There’s going to be a whole swath of features coming out within the next 30 to 60 days, kind of Rolling Thunder style, where it’s going to be very easy for customers to onboard thousands of programs,” Gerry said.

“So if you think about some of the biggest multinational organisations, [they’ll have the] ability to very quickly onboard all of their subsidiaries, all of the different services and solutions that each of those may want to us and be able to manage that in a very simple way.”

There are also plans to proactively leverage the data Bugcrowd holds to provide customers analysis robust vulnerability intelligence.

The company also openly talked about future mergers (M&A) and acquisitions to further build out Bugcrowd’s global strategic growth plan.

Bugcrowd says there are a number of options it would consider when it comes to M&A, from companies with complementary technologies and expertise, as well as ones that could open up new regions to the company. Gerry even says they would consider going big in the right circumstances.

“Let’s go double the size of bug crowd overnight and merge with a really large organisation that we can again start to expand the value that we can provide to customers to the hacker community shareholders to our employees,” Gerry says as an example.

Gerry goes on to say that as a phase one standpoint for M&A, Bugcrowd wants to stay true who they are.

“We’re not looking at trying to open up adjacent markets. We’re not looking at trying to completely change the direction of the business or who we are as a company,” Gerry said.

“We’re going to make sure that it’s within the pillars that we compete in today — whether that be bug bounty, pen testing, vulnerability disclosure. And for me, it’s incredibly important that we get it right from a cultural fit standpoint.”