Mayhem by ForAllSecure

Additional Info

Company: ForAllSecure
Website: https://forallsecure.com
Company size (employees): 50 to 99
Headquarters Region: North America
Type of solution: Cloud/SaaS

Overview

Mayhem is an autonomous application security platform for fast-moving development teams. It generates and runs thousands of tests against code and APIs and learns from each result to continually increase coverage. Mayhem uncovers bugs and vulnerabilities across every layer of applications, and gives developers verified, reproducible results so they can fix issues faster and ship safer applications. Teams at Cloudflare, Roblox, and the Department of Defense rely on Mayhem to identify and fix issues at machine speed and global scale.

The technology behind Mayhem
Mayhem uses a combination of techniques like fuzz testing, symbolic execution, and machine learning algorithms that create and execute thousands of tests every minute. These also continually prune duplicative tests and create additional inputs to expand coverage. This combination of techniques allows for rapid identification of issues and ensures every result is actionable.

How Mayhem Fits in the Development Lifecycle
Mayhem’s continuous, ML-driven testing runs against feature or main branches to constantly uncover new issues. A test case for each issue is delivered to developers, who then leverage these minified test suites to verify fixes earlier in the development process, typically upon commits to working branches.

How we are different

- Traditional appsec solutions have a high false positive rate - 45% on average (https://www.fastly.com/web-application-and-api-security-tipping-point). Mayhem delivers a copy/paste reproduction and backtrace for every issue found, so developers can pinpoint the bug or vulnerability instead of wasting time sorting through false positives.
- With minimal (or no) initial input, Mayhem will generate and execute thousands of tests, and use each result to improve test coverage while also optimizing the overall test suite for performance. This vastly reduces the burden of testing for developers, who can bypass manual test creation and test suite maintenance. Developers thus have more time to fix issues and deliver features.
- Mayhem runs at rapid speed and scale across languages and layers. Third-party components, open source, first-party code, APIs - Mayhem tests the entire application stack. This allows teams with complex use cases to rely on a single platform that delivers a holistic picture of application and API risk, fix rate, and coverage. Teams no longer have to piece together reports from multiple tools to determine where to begin fixes, which helps accelerate prioritization, fixing and delivery.