Bugcrowd launches reinforcement learning environments to train AI on real software vulnerabilities
Bugcrowd Inc. launched Reinforcement Learning Environments, a platform using real software vulnerabilities to train AI models, leveraging technology acquired from Mayhem Security. The tool aims to bridge the gap between synthetic training data and real-world exploitability, offering hundreds of thousands of environments built from open-source code for AI labs to develop more effective security agents.
Bugcrowd Inc. introduced Reinforcement Learning Environments, a new platform designed to help AI labs train models on real software vulnerabilities instead of synthetic data. The product stems from Bugcrowd’s acquisition of Mayhem Security in November and is already being used by large language model providers. The company argues that current training data fails to replicate real-world vulnerabilities, causing AI models to struggle when encountering actual flaws. The platform provides hundreds of thousands of training environments, each constructed from open-source software with verifiable outcomes. AI agents are tasked with identifying bugs, triggering exploits, assessing vulnerability, and generating fixes, with objective scoring at every stage. Bugcrowd emphasizes that no customer data or researcher contributions are used in these environments. This launch builds on Bugcrowd’s earlier integration of Mayhem’s autonomous code and API testing tools, originally developed by Carnegie Mellon researchers David Brumley and Thanassis Avgerinos for the Defense Advanced Research Projects Agency. The company now focuses on equipping AI labs with the infrastructure needed to develop models capable of handling real-world security challenges. Bugcrowd also released ExploitBench, a framework for measuring AI models’ exploit-development capabilities. Both initiatives target a niche but critical segment of AI infrastructure, helping developers push agents beyond detection into validated exploitation and patching. Dave Gerry, Bugcrowd’s CEO, stated that the gap between AI training environments and real-world security is where vulnerabilities arise. The new RL Environments provide the necessary infrastructure for AI to learn from authentic vulnerabilities rather than approximations. Bugcrowd has raised approximately $180 million in funding, including a $102 million round in February 2024 and a $30 million round in April 2020, with investors such as General Catalyst, Blackbird Ventures, and Salesforce Ventures.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.