Advanced Security Solutions enters shadowy exploit market with record-breaking payouts
A Record-Breaking Bounty
A newly launched United Arab Emirates–based startup, Advanced Security Solutions, is offering up to $20 million for zero-day exploits — hacking tools that can compromise smartphones with a single message.
- The company’s $20M bounty applies to any mobile operating system exploit.
- Other posted payouts include:
- $15M for Android or iPhone zero-days
- $10M for Windows
- $5M for Chrome
- $1M for Apple’s Safari and Microsoft Edge
- Messaging app exploits are valued at $2M each for WhatsApp, Telegram, and Signal.
These figures make Advanced Security Solutions one of the highest-paying zero-day buyers in the world, at least among those that publicly list prices.
What Are Zero-Days?
Zero-days are software vulnerabilities unknown to the developer, making them highly valuable for hacking.
- Exploits can be sold to law enforcement, intelligence agencies, and militaries, who use them for surveillance and counterterrorism operations.
- They are also controversial: when undisclosed, they leave billions of ordinary users vulnerable to attack.
Who Is Behind Advanced Security Solutions?
The startup’s ownership and leadership remain opaque.
- On its website, the company claims to work with 25+ governments and intelligence agencies worldwide, providing tools for counterterrorism and narcotics control.
- It also says it is staffed by veterans of elite intelligence units and private military contractors with 20+ years of experience.
- However, it has not disclosed who funds, owns, or operates the company — raising questions in the security community.
Skepticism and Risks
Some experts warn against dealing with companies that hide their backers.
- “I don’t think you should sell bugs to anyone who’s trying to hide who they are,” one security researcher told TechCrunch.
- While the $20 million bounty may sound enormous, the researcher noted it is “low depending on how unscrupulous you are.”
The Zero-Day Market’s Evolution
The market for zero-days has grown dramatically over the past decade.
- In 2015, exploit broker Zerodium made headlines by offering $1M for iPhone hacks.
- By 2018, rival Crowdfense pushed the ceiling to $3M.
- In 2023, Crowdfense offered up to $7M for iPhone exploits and $5M for Android, while pricing WhatsApp exploits as high as $8M.
- Russian firm Operation Zero has also offered $20M, but only sells to the Russian government, limiting its pool of sellers.
With its record-high payouts, Advanced Security Solutions is positioning itself at the top of this market, though the secrecy around its clients and leadership may deter some researchers.
The Bigger Picture
As tech companies like Apple, Google, and Microsoft harden their software, finding new zero-days is becoming harder — and correspondingly more expensive.
Advanced Security Solutions’ arrival reflects both soaring demand and the geopolitical complexities of the exploit trade, where companies operate in the shadows and questions of ethics, legality, and national security loom large.
