Over the years, ForAllSecure has been at the forefront of cybersecurity research and education. Whether through working with K-12 and higher education institutes on programs like PicoCTF and Mayhem Heroes, publishing cybersecurity research in partnership with institutions across the globe, or winning DARPA’s Cyber Grand Challenge, we’ve spent the last decade focused on advancing and expanding the possibilities that cybersecurity provides. Pushing the boundaries of what security testing means and delivering innovative solutions for development teams is what we do best.
Today, we’re proud to announce the next phase of that journey: A completely re-imagined Mayhem (Version 2.5 if we’re being exact) - built to deliver easy, comprehensive, actionable application security to developers worldwide.
We’re also debuting the mayhem.security website - a central home for everything Mayhem-related, from the latest news and blog posts, to upcoming events where you can see Mayhem in action, to product resources and documentation. By centralizing and consolidating everything needed to get started with Mayhem, we’re aiming to make it easier than ever for any developer, anywhere, to unlock powerful security testing with no false positives.
The ForAllSecure website will continue to be the home for information on our research, educational programs, professional services, and activities with programs like Mayhem Heroes and PicoCTF.
Our Journey: From ForAllSecure to Mayhem
You might know ForAllSecure as the team of professional hackers that won DARPA’s Cyber Grand Challenge. It was during that event that the seeds of Mayhem were sown and ForAllSecure’s vision was born: to create an application security platform that would address not only present challenges but also those that lie ahead.
Our commitment to cybersecurity excellence and our mission to automatically test the world’s software has driven us to conduct extensive academic research, emerge victorious in numerous high-profile CTF competitions, and win various awards throughout the years, including MIT Technology Review’s 50 Smartest Companies.
Along the way, we’ve taken ForAllSecure from a team of university researchers to a fully scaled company with offices worldwide, backed by NEA and KDT. After being launched as ForAllSecure’s first commercial product in 2019, Mayhem has grown from a competitive bot in the Cyber Grand Challenge to the world's most advanced application security testing technology.
Mayhem: Complete Application Security
The modern application attack surface spans your proprietary code, the third-party libraries you use, and the APIs that connect your application to the broader digital world. Managing this attack surface requires a unified platform. With Mayhem 2.5, we’ve unified ForAllSecure’s existing Mayhem for Code and Mayhem for API products into a single platform delivering comprehensive application security.
Developed by professional hackers, Mayhem goes beyond traditional application security techniques that power SCA, SAST and DAST solutions. Mayhem uses ‘attacker’ techniques like fuzz testing and symbolic execution combined with generative AI to create and execute thousands of tests every minute.
Mayhem runs in the background to identify vulnerabilities, pinpoint their causes, and determine the likelihood of an exploit. It then automatically validates every issue found, matches it to known CWEs or OWASP issues, creates regression tests, and gives developers detailed guidance on where in the code the vulnerability was introduced, including stack traces wherever possible.
This approach means that developers can stop spending precious hours triaging SAST, DAST and SCA reports, trying to sort through the noise of false positives, or reproduce issues. Every vulnerability Mayhem finds is real and reproducible with a single command—helping teams fix real issues faster.
What’s New in Mayhem 2.5
We hear from our customers that Mayhem helps them automatically expand test coverage, eliminates false positives from developer workflows, and gives their teams the confidence of automatically created and executed regression tests in every build. Now, with Mayhem 2.5, we’ve overhauled the user interface and backend to make it easier than ever to get started.
Some of the major enhancements are:
- Unified Project Management: Mayhem empowers you to seamlessly group code and API targets within a single project, simplifying and streamlining your security testing efforts.
- Automated Defect Tracking: Say goodbye to manual tracking! Mayhem automates the process of defect status tracking. Any fixes implemented are automatically detected and updated in subsequent runs, ensuring complete visibility and accountability.
- Enhanced Dashboards: Our new dashboards provide aggregated information on defects and fixes, along with valuable trend analysis. Gain insightful and actionable data to improve your application security posture.
- Streamlined Onboarding: We understand the importance of a smooth onboarding experience. With Mayhem, we have completely revamped the process, making it easier than ever to add new teams, users, and projects.
Getting Started with Mayhem
Mayhem is a security platform that works like a development tool. No matter your pipeline, tools or workflows, you can seamlessly integrate Mayhem into the way you code and ship. No source code needed, no re-compiling required. Mayhem’s regression tests can be easily run in any unit testing solution, and Mayhem’s results sent directly into bug tracking or crash reporting systems for rapid remediation. Kick off Mayhem runs automatically through your CI pipeline, or run Mayhem from your IDE or command line.
Ready to see it in action? Visit app.mayhem.security to get started or get in touch with our team for a personalized demo today.
At ForAllSecure, and now at Mayhem, we have always been driven by our customers' needs and aspirations. We understand the challenges you face in today's rapidly evolving threat landscape, and we are committed to equipping you with the tools you need to succeed.
With the 2.5 Mayhem Release, we are delivering a comprehensive security testing solution that allows our customers and community to automatically test their software.
Visit mayhem.security to learn more about Mayhem, explore how it can revolutionize your security testing practices, and try it out for yourself.