Crowd of insects — the startup that leverages a database of half a million hackers to help organizations like OpenAI And the American government set up and manage bug bounty programs, cash rewards for freelancers who can identify bugs and vulnerabilities in their code – won its own cash reward to further expand its business: a seed round of 102 millions of dollars.
General Catalyst is leading the investment, with participation also from previous backers Rally Ventures and Costanoa Ventures.
Bugcrowd has raised more than $180 million to date, and while the valuation hasn't been disclosed, CEO Dave Gerry said in an interview that it's “up significantly” from its last round in 2020, a $30 million Series D. one of the startup's biggest competitors, HackerOne, was last rated at $829 million in 2022according to PitchBook data.
The plan will be to use the funding to expand operations in the United States and beyond, potentially including mergers and acquisitions, and to integrate more features into its platform, which – in addition to bug bounty programs – also offers services such as penetration testing and attack surface management. as well as training hackers to increase their skills.
This functionality is both technical and human.
Gerry jokingly describes Bugcrowd as “a dating service for people who break computers”, but in more formal terms it's built around a two-sided security market: Bugcrowd uses crowdsourced coders , who apply to join the platform by demonstrating their skills. Coders can be hackers who only work on freelance projects, or people who work elsewhere and do additional freelance work in their free time. Bugcrowd then matches these coders, based on these particular skills, to ongoing bounty programs among customers. These customers, in turn, range from other technology companies to any business or organization whose operations rely on technology to function.
In doing all of this, Bugcrowd has tapped into some important tech industry trends.
Organizations continue to develop more and more technology to operate, which means more applications, more automations, more integrations and much more data flow from the cloud to on-premises servers, from internal users to customers, and much more. All of this means more opportunities for errors or bugs in the code – places where an integration can create a security vulnerability, for example; or simply result in an element of coding no longer working as it should – and a greater need for in-depth work to identify these gaps.
Recent years have seen a profusion of new security tools, powered by AI, that aim to identify and remediate these vulnerabilities in a more comprehensive and automated manner. But it still hasn't replaced the role of human hackers. These hackers may work in a more manual manner or use automation tools to assist in their bug-finding efforts, but they will still have a critical role to play in how this technology might be directed. As computer science continues to grow in popularity as a discipline, this has produced a greater number of intelligent and technical people in the world who enjoy taking on this challenge, if only for the intellectual pursuit of the financial field. The most successful bug bounty hunters can succeed millions of dollars.
Gerry said the startup is growing more than 40% annually and is approaching $100 million in annual revenue.
The startup is now headquartered in San Francisco, having been founded in Australia by Casey Ellis, Chris Raethke and Sergei Belokamen (Ellis is still with the company as chief strategy officer. It now has “well over” 500,000 hackers and adds about 50,000 hackers per year to that figure, Gerry said, and now has some 1,000 customers after adding 200 customers last year.
“Costanoa has seen Bugcrowd grow from an innovative concept for early adopters to today becoming a force multiplier for Fortune 500 companies,” Jim Wilson, partner at Costanoa Ventures, said in a statement. “Bugcrowd's leadership team brings together seasoned experts with a deep understanding of cybersecurity trends and a proven ability to navigate the complexities of the industry. This next stage of growth under Dave's leadership will allow them to expand their product offerings to help security managers extract even more value from the crowd. We are excited to continue our partnership with the team to capture significant opportunities ahead.