Latest news with #Bugcrowd
Yahoo
2 days ago
- Business
- Yahoo
Bugcrowd Unveils AI Connect to Speed Vulnerability Response, Adds Asset View for Full Attack Surface Visibility
New Bugcrowd platform capabilities empower customers to close security gaps faster through powerful internal AI and native attack surface visibility

SAN FRANCISCO, Aug. 5, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, today announced AI Connect and Asset View—two innovations designed to help security teams detect, prioritize, and remediate vulnerabilities faster and with greater precision.

"Security teams today are racing to scale operations with AI and automation, but they're often blocked by disconnected data and fragmented workflows," said Dave Gerry, CEO of Bugcrowd. "With AI Connect and Asset View, we're removing those roadblocks, giving customers seamless access to their real-time vulnerability data, unified asset visibility, and the ability to prioritize and act on real-world risk faster. These innovations reflect our belief that the future of cybersecurity is proactive, context-driven, and powered by both ethical hackers and intelligent automation, all delivered through one integrated platform."

Bugcrowd AI Connect

As security teams adopt AI-driven tools to automate workflows and scale operations, they often hit a critical roadblock: their AI systems lack access to real-time, high-value security data. Without direct integration into bug bounty, penetration test, and red team findings, teams are forced to manually cross-reference reports with internal systems. This slows response times and reduces the accuracy of remediation, creating a widening gap between AI's potential and its practical impact on security outcomes.

Bugcrowd AI Connect solves this challenge by allowing customers to securely and seamlessly integrate their internal AI stacks with real-time vulnerability data from the Bugcrowd Platform.
Acting as a read-only "front door," AI Connect ensures data stays secure while enabling AI agents to deliver contextualized, trustworthy remediation guidance — reducing response times and avoiding AI hallucinations, while also eliminating manual developer work and streamlining communication with development teams.

Built on the open-source Model Context Protocol (MCP), AI Connect gives customers direct, live access to their Bugcrowd program data. It provides a native GenAI interface, allowing companies to explore and analyze findings, trends, and program performance within their preferred AI tools — without exporting, transforming, or reloading data.

AI Connect allows customers to:

- Fix vulnerabilities faster with advice tailored to your environment: Get remediation guidance tailored to your specific environment, based on your actual code, security policies, and internal tools. This means no more generic, one-size-fits-all AI suggestions.
- Reduce manual effort and response time: Automate workflows that plug directly into your AI-driven tools, eliminating the need to manually cross-reference reports and documentation.
- Maintain full control over AI access: Enforce strict, role-based access, mirroring the exact permissions of each authenticated user in the Bugcrowd Platform.
- Integrate with any AI system: Built on the open-source Model Context Protocol (MCP), AI Connect offers the flexibility to connect vulnerability data to any tool and/or workflow without vendor lock-in.
- Securely connect AI tools without complex development work: With developer-friendly MCP endpoints and OAuth 2.1 support, it's easy to securely plug into your enterprise environment with delegated access.

"Bugcrowd AI Connect isn't just another AI feature; it's a foundational capability that empowers our customers to make the most of the tools they already have," said Braden Russell, Chief Product Officer, Bugcrowd. "We're giving them the secure building blocks they need to create truly intelligent security automation that works for their specific environment, reinforcing our commitment to an open, flexible, and developer-first ecosystem."

Bugcrowd Asset View

As organizations scale, keeping track of external-facing assets, such as applications, web servers, IP addresses, domains, email servers, and more, has become increasingly difficult. Assets are constantly changing, and security teams are often forced to rely on siloed, outdated, or incomplete data. This lack of visibility makes it difficult to scope penetration tests, monitor exposures, apply security fixes, or respond decisively to emerging threats—slowing down critical workflows and leaving dangerous security gaps.

Natively integrated into the Bugcrowd Platform, Asset View turns assets into action by unifying asset discovery, management, scanning, and offensive testing into one seamless experience – no separate logins, instances, or standalone reports. Assets are continuously ingested through External Attack Surface Management (EASM) scans or manual uploads, then enhanced with critical metadata such as exposure status, business criticality, and risk-based prioritization. Once in Asset View, these assets become directly actionable, allowing teams to instantly focus the creativity of the crowd on their most critical targets, prioritize based on real-world risk, and maintain audit readiness with a complete history and status log.

Asset View allows customers to:

- Achieve complete asset visibility: Continuously discover assets via External Attack Surface Management (EASM) scans or manual upload, and track changes in real time. This eliminates blind spots, including shadow IT.
- Enrich context for smarter prioritization: Assets are automatically enriched with data like exposure level, ownership, and business criticality, so teams can prioritize what matters most based on true risk, not just scan results.
- Seamlessly scope engagements: With just a few clicks, scope enriched assets directly into bug bounty, penetration test, or red team engagements. This accelerates workflows and reduces setup complexity.
- Activate data with human intelligence: Transform passive asset lists into a proactive defense by linking trusted asset data to the Crowd's ingenuity, uncovering the complex vulnerabilities that automated scans miss.
- Operate from one unified platform: By unifying asset management with offensive testing, Asset View eliminates the need to jump between tools, bringing simplicity, speed, and scale to your security operations.

"Effective security testing hinges on knowing what to test, yet many teams struggle with fragmented insights into their ever-changing external digital assets," said Nick McKenzie, CI&SO, Bugcrowd. "Bugcrowd Asset View directly addresses this by unifying asset discovery, enrichment, and offensive testing into one seamless platform, powered by human ingenuity and real-world attacker insight."

Bugcrowd at Black Hat USA

Attendees of Black Hat USA 2025 can get a walkthrough of Bugcrowd AI Connect and Bugcrowd Asset View at the Bugcrowd Booth #4818. Both Bugcrowd AI Connect and Bugcrowd Asset View are currently planned for general availability in Q4 2025, with foundational features accessible to all customers at that time. Bugcrowd is also offering an Early Access Preview for AI Connect for interested customers. For more information on both updates, please connect with us.

About Bugcrowd

We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits.
With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our Platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd.

"Bugcrowd", "CrowdMatch" and "Security Knowledge Platform" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.


Techday NZ
09-07-2025
- Business
- Techday NZ
Bugcrowd names Umesh Shankar to board, bolstering AI security
Bugcrowd has appointed Umesh Shankar, Corporate Vice President of Data, Privacy & Security Engineering at Microsoft AI, to its Board of Advisors, marking a notable step in the company's focus on AI security expertise.

Shankar brings substantial industry experience to the advisory board. At Microsoft AI, he leads teams responsible for ensuring the privacy and security of AI products, with a particular emphasis on maintaining user trust through privacy-first engineering practices.

He previously held pivotal roles at Google for more than 18 years. During his tenure there, Shankar served as Distinguished Engineer and Chief Technologist for Google Cloud Security. In these roles, he led key initiatives related to data protection, key management, authentication, authorisation, and insider risk controls. Shankar was also instrumental in integrating generative AI functionalities into Google's security offerings, which improved automated security management capabilities. Beyond Google Cloud, Shankar contributed to the development of Google Assistant, focusing on developer tools, identity, monetisation, and discovery.

Shankar's academic credentials include a PhD and MS in Computer Science from the University of California, Berkeley, specialising in security and privacy. He also holds a BA in Computer Science from Harvard University.

With the increasing adoption of AI across sectors, Bugcrowd has underscored its commitment to providing robust crowdsourced security solutions, particularly for organisations integrating AI into their operations. The company emphasises that incorporating Shankar's expertise is aligned with its strategy to expand its platform capabilities, especially in AI-powered security.

"I'm inspired by Bugcrowd's mission to help organizations proactively uncover and address vulnerabilities, strengthening cybersecurity through collaboration and innovation.
I am excited to join Bugcrowd's Board of Advisors to help contribute to its efforts as it explores new ways to harness AI, foster trust, and support organizations in addressing emerging security challenges," said Umesh Shankar.

Dave Gerry, Chief Executive Officer of Bugcrowd, commented on Shankar's addition to the Board of Advisors, highlighting the growing importance of AI security frameworks for organisations.

"AI is no longer just hype—it's now a core part of technology stacks across industries. However, many organizations are still early in building the security, policy, and governance frameworks needed to support it. At Bugcrowd, AI is embedded into the fabric of our platform, powering innovations like CrowdMatch and enabling secure, confident deployment of LLM-based applications. We're committed to helping organizations de-risk their AI initiatives with the insights and guidance they need. And we're honored to welcome Umesh to our Board of Advisors, his deep expertise will be an invaluable asset," said Dave Gerry, CEO of Bugcrowd.

Bugcrowd's approach to crowdsourced cybersecurity involves leveraging the skills of a broad community of security researchers, or ethical hackers, to identify potential system weaknesses. The company's platform uses AI-powered tools such as CrowdMatch, which aims to efficiently connect organisations with relevant cybersecurity expertise for tackling specific risks. According to the company, integrating AI into its processes supports scalable and adaptive security solutions that respond to evolving threats.

The addition of Shankar to the board is expected to bolster Bugcrowd's capacity to advance its AI-powered crowdsourced intelligence offerings. The company points to the growing need for sophisticated security, policy, and governance measures in the context of rising AI adoption worldwide.
Bugcrowd indicates that this latest appointment reflects its broader strategy to support organisations in navigating the complex digital risk environment created by modern AI applications. Under Shankar's guidance, Bugcrowd aims to further refine its product suite and reinforce its resources for clients seeking to secure AI-related systems and data.

The appointment comes at a time when industries are grappling with new challenges in maintaining digital trust and compliance as AI technologies become more integral to business operations. The company noted that Shankar's background in both technical development and strategic AI integration aligns with Bugcrowd's priorities in this evolving landscape.
Yahoo
17-06-2025
- Business
- Yahoo
Cybersecurity Jobs That Will Dominate 2026: INE Security Prepares Professionals for the Most Critical Roles
Cary, NC, June 17, 2025 (GLOBE NEWSWIRE) -- INE Security, a leading global cybersecurity training and IT security training provider, is releasing new analysis of cybersecurity roles that will dominate the 2026 job market. Based on a comprehensive analysis of industry data and research released at major cybersecurity conferences, including RSA Conference 2025, GISEC Global 2025, and worldwide Black Hat events, INE Security has identified cybersecurity job roles where the highest market demand intersects with hands-on technical expertise.

"Skill shortages are a major concern throughout the cybersecurity industry, particularly in mission-critical roles," said Tracy Wallace, INE Security's Director of Content Development. "INE Security's hands-on cybersecurity training methodology creates job-ready professionals in the areas where technical expertise can make the greatest immediate impact. Our 3,100+ browser-based labs don't just teach concepts—they build the practical IT security training skills that organizations need right now."

Critical Cybersecurity Roles Shaping 2026:

Identity Security Posture Management (ISPM) Specialists: With identity-related breaches continuing to plague organizations, ISPM specialists will be essential for enterprises seeking to uncover and address identity risks across hybrid cloud and on-premises systems. RSAC 2025 emphasized new ISPM capabilities and innovations to protect passwordless environments, while major vendors announced ISPM solutions as core offerings.
- Comprehensive Active Directory security training, Identity and Access Management courses, and privilege escalation techniques integrated across the eJPT and eCPPT learning paths provide unparalleled preparation for ISPM roles
- More than 500 hands-on labs focused on identity security give professionals the practical expertise enterprises desperately need to secure hybrid environments
- Career Pathway: Clear progression from fundamental identity concepts to advanced enterprise identity architecture management

Crowdsourced Red Team Specialists: The cybersecurity industry is exploring offensive security through distributed approaches. At RSAC 2025, Bugcrowd launched the industry's first Crowdsourced Red Team as a Service platform, connecting organizations to global networks of vetted ethical hackers for real-time, intelligence-led testing. This model brings the potential for massive scale and flexibility to traditionally resource-heavy security assessments.

- INE Security Training Advantage: Proven pentester training progression from eJPT (Junior Penetration Tester) through eCPPT (Certified Professional Penetration Tester) to eWPTX (Web Application Penetration Tester eXtreme) creates the exact ethical hacking expertise needed for distributed red team operations
- Students practice authentic attack scenarios through browser-based labs that simulate crowdsourced testing environments
- INE Security's pentester certifications are trusted by Fortune 500 companies globally, specifically for roles requiring hands-on offensive security expertise

Mobile Threat Analysts: Cyber attackers are increasingly prioritizing mobile over desktop environments. Zimperium's 2025 Global Mobile Threat Report showed that smishing now comprises over two-thirds of mobile phishing attacks. Organizations need specialists focused exclusively on mobile security infrastructure.
- INE Security Training Advantage: The eMAPT (Mobile Penetration Testing) certification provides foundational mobile security expertise, positioning graduates for the expanding mobile defense field
- Expanding Curriculum: INE Security is developing advanced mobile defense training to address enterprise mobile threat intelligence and incident response
- Market Opportunity: As one of the few providers offering hands-on mobile security labs, INE Security graduates enter this high-demand field with immediate practical capabilities

AI Security Specialists/Engineers: The demand for AI security expertise has reached unprecedented levels. RSA Conference 2025 featured over 100 sessions dealing with artificial intelligence, with attendees noting the event had transformed into "RSAI" rather than RSAC. GISEC Global 2025 was held under the theme 'Securing an AI-Powered Future,' emphasizing AI governance and digital ethics as critical areas requiring immediate attention.

- INE Security Training Advantage: INE Security's strong training materials in threat detection and analysis, combined with foundational AI skills, provide professionals with transferable skills applicable to AI security roles
- Market Opportunity: Represents the highest-growth career opportunity in cybersecurity as organizations deploy AI-powered security tools while defending against AI-enhanced attacks
- Industry Development: The cybersecurity training industry is scrambling to develop AI security courses to meet skyrocketing demand

Cloud Security Engineers: Cloud Security Engineers are integral to organizational resilience as businesses accelerate cloud adoption. With 45% of organizations reporting unfilled cloud security roles and experienced professionals commanding salaries above $155,000 annually, this represents one of the highest-demand technical specializations.
AWS Certified Security - Specialty is now recognized as one of the highest-paying technical cloud positions in the world, with an average global salary of $158,594.

- Comprehensive cloud certification preparation across AWS, Azure, and Google Cloud platforms with dedicated learning paths for AWS Solutions Architect Associate, AWS SysOps Administrator Associate, Azure Security Engineer Associate (AZ-500), and Azure Administrator Associate (AZ-104)
- Hands-On Cloud Labs: 130+ hands-on labs specifically designed for cloud security scenarios, plus additional cloud security collections in Skill Dive for real-world practice
- Security-First Approach: INE Security's "learn by doing" cybersecurity education methodology ensures graduates develop practical cloud security skills that directly address enterprise needs for securing AWS, Azure, and GCP environments

Training That Delivers Career Resilience

INE Security's approach addresses the intersection of market demand and practical skills development:

- Immediate Market Entry: Identity security, red team operations, and mobile defense roles offer immediate career opportunities for technically skilled professionals
- Skills Premium: Organizations investing in cybersecurity education programs are overwhelmingly more likely to retain cybersecurity professionals, according to a 2024 LinkedIn workforce study, directly addressing skills shortages in high-demand technical roles
- Future-Proofing: As digital transformation accelerates, technical security roles address fundamental infrastructure needs that will intensify through 2026 and beyond
- Clear ROI: Professionals can immediately contribute to identity security, red team operations, and mobile defense initiatives with hands-on expertise

"The convergence of identity threats, sophisticated attacks, and mobile vulnerabilities creates new opportunities for cybersecurity professionals who combine technical depth with practical experience," continued Wallace. "INE Security's strength lies in preparing professionals for roles where hands-on technical skills directly address critical business security needs."

About INE Security

INE Security is the premier provider of online networking and cybersecurity training and cybersecurity certifications. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths and preparation for professional certifications offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training for cybersecurity jobs while also lowering the barriers worldwide for those looking to enter and excel in an IT career.


Forbes
13-06-2025
- Forbes
Google Chrome Warning Issued For Most Windows PC Users
Beware this hidden Chrome threat.

This is another interesting month for Google's 3 billion Chrome users, with a U.S. government mandate to update all browsers by June 26 and another update warning this week as further vulnerabilities are discovered. But there's a very different Chrome threat to your PC, and it's much more difficult to find and fix.

Already this month we have been warned by LayerX that 'a network of malicious sleeper agent extensions' are 'waiting for their "marching order" to execute malicious code on unsuspecting users' computers.' A huge number of Chrome users have at least one extension installed, which is one of the browser's biggest security risks.

Now Symantec warns that some of the most popular extensions it has analyzed, 'expose information such as browsing domains, machine IDs, OS details, usage analytics, and more.' The research team says 'many users assume that popular Chrome extensions adhere to strong security practices,' but that's just not the case.

Symantec found that even some big-brand extensions 'unintentionally transmit sensitive data over simple HTTP. By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information.' More alarmingly, 'because the traffic is unencrypted, a Man-in-the-Middle (MITM) attacker on the same network can intercept and, in some cases, even modify this data, leading to far more dangerous scenarios than simple eavesdropping.'

Bugcrowd's Trey Ford told me 'this is a very common way to compromise browsers for various outcomes, ranging from stealing credentials and spying on users, to simply establishing ways to very uniquely identify and track users across the internet. Ultimately this can manifest as a form of malware, and unavoidably create new attack surface for miscreants to attack and compromise a very secure browsing experience.'

There's no easy answer to this one.
Symantec says that while 'none of [the extensions] appear to leak direct passwords,' the data can still fuel attacks. 'The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks.'

Symantec notified the developers behind the tested extensions (details in its report). 'The overarching lesson,' the team says, 'is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share.'

According to Keeper Security's Patrick Tiquet, 'this highlights a critical gap in extension security,' if and when 'developers cut corners.' He warns that 'transmitting data over unencrypted HTTP and hard-coding secrets exposes users to profiling, phishing and adversary-in-the-middle attacks – especially on unsecured networks.'

The risk is especially acute for enterprises. 'Organizations should take immediate action by enforcing strict controls around browser extension usage, managing secrets securely and monitoring for suspicious behavior across endpoints. Just because a browser extension is very popular and has a large user base doesn't mean it's secure. Businesses must scrutinize all browser extensions to protect sensitive data and identities.'
Yahoo
07-05-2025
- Business
- Yahoo
Bugcrowd Joins AWS ISV Accelerate Program
Strategic Alliance Expands Bugcrowd's Go-to-Market Strategies, Leveraging AWS Network to Deliver Crowdsourced Security Globally

DUBAI, May 7, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, announced today that it has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organization. Through participation in the AWS ISV Accelerate Program, the Bugcrowd Platform is now available for the AWS on-the-ground sales team.

The Bugcrowd Platform delivers managed bug bounty, vulnerability disclosure programs, penetration testing as a service, red teaming, and AI safety testing, all powered by "The Crowd," Bugcrowd's global community of ethical hackers and pentesters. By integrating with AWS, Bugcrowd will empower new customers to identify and mitigate critical vulnerabilities within their cloud environments. This integration allows the AWS sales team to offer their customers a powerful, proactive security solution, ensuring robust protection against evolving cyber threats.

"We're thrilled to join the AWS ISV Accelerate Program and bring the Bugcrowd Platform more directly to AWS customers," said Paul Ciesielski, Chief Revenue Officer, Bugcrowd. "This collaboration allows us to directly connect with AWS field sellers, expanding our reach and helping more organizations proactively address their security needs. By simplifying the procurement process and providing seamless integration, we're making it easier for AWS customers to leverage the collective expertise of our global hacker community. Ultimately, partnering with AWS reinforces our commitment to delivering industry-leading capabilities to as many users as possible."
Joining the AWS ISV Accelerate Program streamlines the procurement process for AWS customers, granting them simplified access to Bugcrowd's cutting-edge security capabilities. The AWS ISV Accelerate Program provides Bugcrowd with co-sell support and benefits to meet customer needs through collaboration with the AWS on-the-ground sales team globally. Co-selling provides better customer outcomes and assures mutual commitment from AWS and its partners. This collaboration creates significant growth opportunities for Bugcrowd to leverage the extensive network and resources from AWS to deliver unparalleled security services, drive optimal customer outcomes, and align with strategic VARs.