COVER STORY
Dave Gerry, CEO of Bugcrowd, and Ethical Hacker Justin Gardner (AKA Rhynorater) from the Bugcrowd platform, offer executive and hacker perspectives on addressing the mindset shift required for CISOs to embrace crowdsourced security as a core defence mechanism in an era dominated by fast-moving, AI-driven threats.
HOW BUGCROWD AND THE ETHICAL HACKER COMMUNITY ARE REWRITING THE RULES OF CYBERSECURITY
Dave Gerry, CEO, Bugcrowd
How has Bugcrowd evolved its approach to crowdsourced cybersecurity to stay ahead of emerging threats?
We’ve obviously had to change a lot over the last 12 years to help our customers stay ahead of a rapidly changing threat landscape.
I think the biggest thing that we’ve seen is how we engage with the crowd, how we leverage the ingenuity that exists there around giving customers real-time access to the best security experts in the world.
When we first started in this business, it was all about helping customers identify bugs in their applications. It was bug bounty programs that quickly transitioned into vulnerability disclosure programs, where the crowd had the ability to apply some of the regulatory requirements.
And now as we fast forward through 2025, customers are leveraging the crowd for things like AI bias assessments – understanding the bias that exists in AI models they’re either using or developing. They’re leveraging us to do security testing against AI models. So as we’ve moved forward into the offensive security testing space, we’ve seen more around Pen-Testing-as-a-Service, red teaming and helping to give customers access to the resources that they need because they’re facing more threats today than they’ve ever seen before.
What distinguishes Bugcrowd’s platform from traditional vulnerability management solutions?
It all comes back to the crowd. If you look at a traditional vuln management platform, it’s based on automation and scanners.
They play a role, and they’re good for finding what I’ll call the ‘low hanging fruit of security issues’ but really, when you want to start to get visibility into
The best way to find a security threat is to have somebody ultimately come in and manually look for one.
WWW.INTELLIGENTCISO.COM