Español
A new cybersecurity startup based in the United Arab Emirates, Advanced Security Solutions, has entered the zero-day market by offering some of the highest public bounties ever reported. The company is reportedly paying up to $20 million for exploits capable of compromising any smartphone through a simple text message.
Zero-day vulnerabilities—software flaws unknown to developers at the time of discovery—are extremely valuable, especially for governments, intelligence agencies, and law enforcement seeking advanced digital capabilities. Advanced Security Solutions has made headlines for offering competitive rewards across multiple platforms:
- $20 million for any mobile operating system.
- $15 million for Android and iOS zero-days.
- $10 million for Windows.
- $5 million for Google Chrome.
- $1 million for Safari and Microsoft Edge browsers.
While the company emphasizes its collaboration with governments and intelligence services worldwide, little is known about its ownership or funding. According to its website, the firm is staffed exclusively by individuals with over 20 years of experience in elite intelligence units and private military operations.
“We empower government agencies and law enforcement to operate with precision in the digital battlefield,” the website states. “We maintain continuous cooperation with over 25 governments globally, supporting high-stakes operations, including counterterrorism and narcotics enforcement.”
Despite its ambitious claims, Advanced Security Solutions has not responded to inquiries about ethical safeguards, legal restrictions, or the identity of its customers. Experts in the zero-day market caution against dealing with organizations that remain anonymous, highlighting the risks of selling exploits without transparency.
Market Context and Evolution
The zero-day market has grown dramatically over the last decade, both in terms of participants and bounty amounts. In 2015, companies like Zerodium offered up to $1 million for iPhone exploits. By 2018, Crowdfense increased the bounty to $3 million for similar vulnerabilities. Last year, Crowdfense raised its payouts to $7 million for iPhone zero-days and $5 million for Android, with additional bounties for popular messaging apps such as WhatsApp ($8 million) and Telegram ($4 million).
Advanced Security Solutions currently offers $2 million for zero-day exploits targeting messaging platforms like Telegram, Signal, and WhatsApp. Its approach follows the trend of escalating prices, reflecting both increased demand and the growing difficulty of breaching modern mobile and software systems due to enhanced security measures implemented by major tech companies.
Implications for Cybersecurity
The emergence of high-paying zero-day brokers like Advanced Security Solutions underscores the growing intersection of private cybersecurity research and government surveillance. While these tools can be used for national security purposes, they also raise ethical and legal questions regarding the sale of exploits to governments without clear oversight.
Industry analysts note that the most lucrative bounties often attract skilled hackers, but anonymity and lack of transparency can pose significant risks—both for the sellers and for global cybersecurity stability.
“The market for zero-days is expanding rapidly, but the ethical and legal implications cannot be ignored,” an anonymous security researcher told TechCrunch. “Selling exploits to undisclosed buyers is inherently risky and could have far-reaching consequences.”
Conclusion
Advanced Security Solutions’ public offer of up to $20 million represents a new peak in the zero-day marketplace. As mobile devices and messaging apps become increasingly central to daily life, the demand for sophisticated exploits will likely continue to rise. Companies, governments, and cybersecurity professionals must remain vigilant, balancing operational needs with ethical considerations and legal compliance to prevent misuse of these powerful digital tools.
