Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Mayhem Security is an automated application security testing platform for developers and security teams, covering Code Security, API Security, and Dynamic SBOM. Its core approach is not just scanning, but using fuzz testing, proprietary symbolic execution, generative AI/ML, automated reproduction, and triage to validate vulnerabilities. It also emphasizes providing a Proof of Vulnerability for each finding, helping reduce false positives.
In terms of protection coverage, Mayhem is suitable for discovering code defects, validating OWASP API Top 10 issues in REST/gRPC APIs, reducing noise in runtime SBOM/SCA alerts, and running regression tests. On the API side, it supports OpenAPI, Postman Collections, HAR-to-OpenAPI conversion, Basic Auth, Bearer Token, Cookie, and custom authentication. On the code side, it supports Linux/Windows binaries, ARM/MIPS/PPC, containerized applications, network input, vECU fuzzing, and more. Deployment options are comprehensive, including hosted SaaS, private AWS/GCP/Azure cloud deployments, fully air-gapped installations, plus a Web UI, native CLI, and Docker CLI.
The platform provides a unified dashboard, SARIF reports, CWE tagging, predicted CVSS, reproduction commands, automatic deduplication, automated triage, regression testing, and code commit correlation. Integrations include GitHub, GitLab, Jenkins, Jira, Slack, CircleCI, Azure DevOps, Google Chat, and Travis CI. It also supports SAML/OpenID/OAuth, LDAP/AD, Webhooks, CycloneDX, SPDX, ZAP, AFL++, libFuzzer, and more, making it suitable for integration into mature CI/CD and DevSecOps workflows.
Pricing is not disclosed on the page; only a Get a Demo option is provided, suggesting a more enterprise-sales-oriented model. On compliance, Mayhem states that it can help support scenarios involving ED-203A/DO-356A, ISO 21434, UN 155/6, ISO 26262, NIST SSDF, SOC 2, EO 14028, and similar requirements. It also supports exporting tests, results, and proof of remediation, but these should not be interpreted as Mayhem’s own certification claims.
Its strengths include reproducible vulnerabilities, strong false-positive control, coverage across code/API/SBOM, flexible deployment, and rich integrations. Its drawbacks are the lack of transparent public pricing and the fact that successful implementation depends on the maturity of API specifications, build environments, and development workflows. It is best suited for enterprises and teams in aerospace, automotive, government, healthcare, and other sectors with high requirements for software security and audit evidence.
The collected information does not provide details on network accessibility, payment options, or local support in China, so its access status is unknown. If domestic procurement, MLPS compliance, or localized services are required, users may also evaluate DevSecOps/application security products from Qi An Xin, NSFOCUS, Xmirror, Moresec, and others. International alternatives or complementary tools include Snyk, Black Duck, ZAP, StackHawk, GitHub CodeQL, AFL++, libFuzzer, and more.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, mayhem.security.
mayhem.security is a United States security provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach mayhem.security directly.