If you know anything about Bugcrowd, you know that data is one of our most precious natural resources for bringing value to customers. After a decade of launching, managing, and optimizing cybersecurity programs for organizations like Atlassian, Cisco, CISA, MasterCard, OpenAI, SAP, and Tesla, we know exactly what success looks like across the entire customer journey, and we have the receipts to prove it.

For that reason, data science and infrastructure have always been, and will always be, a major area for R&D investments. One such investment is in knowledge graph technology, as a foundation for the rich data models that power the AI in our platform.

So, we thought it would be helpful to provide some details about how this all works.

What is a “knowledge graph?”

In data science, knowledge graphs represent relationships between data entities (e.g., people, places, and things) that often turn out to be insightful and unexpected. A knowledge graph comprises nodes, edges, and labels, with material or abstract things (e.g., people, places, or concepts) serving as nodes, edges connecting those nodes, and labels defining the relationships that create those connections. These data structures are stored and managed in specialized data stores called graph databases.

Here’s a visualization of a typical knowledge graph:

How do Bugcrowd Platform users benefit from knowledge graphs?

Knowledge graphs are a powerful tool for representing data entities and expressing relationships. For Bugcrowd—which has collected millions of data points over the past decade about vulnerabilities, attack surface/assets, remediation, and hacker skills and performance—they are ideal for understanding relationships between vulnerabilities and assets, vulnerabilities and skills, skills and hacker profiles, and every other permutation you can imagine. We call the data models that collectively reflect our platform’s entire historical dataset the Bugcrowd Security Knowledge Graph.

The Security Knowledge Graph powers data-driven outcomes that create long-term success for hackers and customers alike—including crowd matching, engineered triage, rich reporting and analytics, and recommendations. As the graph grows, the value delivered from those outcomes grows along with it. 

How does CrowdMatch utilize the Security Knowledge Graph?

For example, CrowdMatch AI, the technology in the platform that matches hackers and pentesters to customer engagements, is a key application of our Security Knowledge Graph. The “hacker matching” AI algorithm inside CrowdMatch evaluates the entire portfolio of a hacker’s performance and experiences on the Bugcrowd Platform, including: 

  • Points and rewards earned
  • Skills
  • Report volume
  • Report and communication quality
  • Testing accuracy
  • Depth of testing
  • Aggregate report impact 

This algorithm also continually updates its assessments based on new information. The algorithm then intelligently curates and optimizes a hacker team to an engagement’s specific needs across 100s of dimensions.

For more details about how this all works, take this 5-minute, interactive tour:



We hope you’ve learned something new about knowledge graphs, their value for crowdsourced cybersecurity, and their key role in long-term hacker and customer success on our platform!