A brand‑new, UAE‑based firm named Advanced Security Solutions is offering up to a staggering $20 million bounty for zero‑day exploits that allow government agencies to break into any smartphone via seemingly innocuous text messages—and additional payouts of $15M for Android and iOS (each), $10 M for Windows, $5 M for Chrome, and $1 M for browsers like Safari and Edge. The opaque startup claims ties to over 25 governments and emphasizes its elite, intelligence‑unit‑trained staff, but refuses to disclose details about ownership or ethical guardrails. Security insiders note that while the price range aligns with the current zero‑day market, anonymity raises serious concerns.
Sources: TechCrunch, Yahoo Finance
Key Takeaways
– Massive escalation in bounties: A dramatic increase in publicly advertised payouts underscores the highly competitive and lucrative market for undisclosed software vulnerabilities.
– Opaque ethical positioning: Lack of clarity around company backers, intent, and target nations raises moral and legal compliance questions.
– Market pressure driving prices: Tech firms are fortifying defenses, making zero-days harder to find—and more expensive on the open market.
In-Depth
A stealthy new player, Advanced Security Solutions, based in the UAE, is now dangling some of the richest zero-day bounties ever seen—up to $20 million for exploits that let agencies stealthily infiltrate any smartphone by simply sending a text message. They’ve even tiered payouts: $15M each for vulnerabilities in general mobile OSes like iOS and Android, $10M for Windows, $5M for Chrome, and $1M for browsers such as Safari and Edge.
According to the company’s own press, they already work with more than 25 governments and claim a staff trained by elite military and intelligence outfits. But—and this is a big red flag—they refuse to say who runs or funds them, or how they vet the governments they service.
Security pros see the payout range as typical for the zero-day broker market, yet they also caution that anonymity undermines credibility. There’s a sense that the anonymity could shield dealings even with questionable agencies. It’s worth noting the broader environment: governments and private contractors are increasingly paying premium rates to breach hardened devices, as found vulnerabilities grow scarcer and more costly.
At a time when national security, personal privacy, and tech accountability collide, this surge in bounty levels forces us to ask: who’s watching the watchers—and at what price?