Bugcrowd Attains $102M Strategic Growth Funding Round

Ethical hacking as-a-service platform Bugcrowd received a $102 million venture capital investment to fuel strategic growth, the San Francisco company announced Monday.

See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government

Led by General Catalyst, with participation from existing investors Rally Ventures and Costanoa Ventures, the investment will fuel the development of new services, more features on the Bugcrowd platform, new hires and recruiting within the hacker community, CEO Dave Gerry told Information Security Media Group.

“The validation from customers, hackers, industry analysts, and the broader cybersecurity community well positions Bugcrowd to be a category-leading company,” said Mark Crane, a General Catalyst partner.
Founded in 2012, Bugcrowd has so far attracted $90 million in investments for services that include managing bug county programs, vulnerability disclosure and crowdsourced penetration testing.

The company says it can draw on half a million hackers to find and responsibly disclose vulnerabilities. Customers include T-Mobile, OpenAI and the U.S. Cybersecurity and Infrastructure Security Agency (see: It’s OpenAI Season for Bug Hunting).

As part of the investment, Crane and General Catalyst Special Advisor Paul Sagan will join the Bugcrowd board of directors, with Sagan becoming the chair. Jeff Simon, T-Mobile CSO, and Prabhath Karanth, global head of security and trust at Navan – another Bugcrowd customer – will join the advisory board.

“Our customers are outgunned and outmatched. They need to tap into all this creativity that exists within the hacker community,” Gerry said ahead of today’s announcement.

Bugcrowd had a good 2024, Gerry said, referring to its fiscal year that ends every Jan. 31. It signed 200 new clients – bringing its rooster to approximately 1,000 – hired 130 employees and added 50,000 freelancers to its roster of crowdsourcing hackers. The size of its pen testing offering doubled. Payouts to hackers grew by 34% after 50% growth in 2023.

“There’s immense amount of demand coming from the market for crowdsourced security testing,” he said.

Among the new services Bugcrowd is developing is threat hunting, Gerry said. Rather than stopping at vulnerability disclose, pen testers might go a step beyond to describe what they could do with the vulnerability – how an attacker would exploit it. It’s “starting to go down that path of red teaming without fully being in the red teaming space,” he said.

Similarly, pen testers might be able to determine whether an attacker has already exploited a vulnerability, he added. “We’re not going to pivot away from the core of what we do, we’re not trying to compete with a Mandiant or a Crowdstrike,” he said. “This is more about coming in, looking for vulnerabilities that exist, and giving customers insight into how they would potentially attack them.”

Gerry said other ideas about how to use crowdsourced hackers are under discussion. “That’s the one I can talk about right now.”

The company is content to stay private and a standalone company, for now. “Our focus at this point is building the most sustainable company we can. What that turns out into, whether it’s an acquisition in the future or an IPO in the future, all of those things are going to be on the table,” Gerry said.

“We’re not looking for an exit anytime soon,” he added.