A mysterious startup based in the United Arab Emirates, Advanced Security Solutions, has entered the digital arms market with a staggering offer: up to $20 million for zero-day exploits capable of compromising smartphones via a simple text message. The company, which launched this month, is aggressively targeting security researchers to build a catalog of high-impact vulnerabilities for government and intelligence agency clients.
A Lucrative Market for Zero-Day Exploits
The firm has published a list of premium bounties that rank among the highest in the private sector. Beyond the $20 million top-tier reward for universal mobile operating system bypasses, the company is offering $15 million for specific Android and iPhone exploits, $10 million for Windows vulnerabilities, and $5 million for Chrome browser flaws. Smaller, yet significant, payouts of $1 million are earmarked for Safari and Microsoft Edge exploits.
Operational Secrecy and Client Base
Despite its bold entry into the market, the company remains shrouded in mystery. It has refused to disclose its ownership, funding sources, or the identities of its leadership team. On its website, the startup claims to provide tools to over 25 governments and intelligence agencies worldwide, specifically citing counterterrorism and narcotics control as its primary operational contexts.
The company maintains that its staff consists exclusively of veterans with over 20 years of experience in elite intelligence and private military contracting. However, Advanced Security Solutions did not respond to inquiries regarding its ethical guidelines, legal compliance, or whether it imposes restrictions on which regimes it supplies.
Market Context and Industry Skepticism
Industry experts suggest these prices, while high, reflect a broader trend in the cybersecurity world. As major tech companies fortify their devices, the difficulty—and cost—of finding vulnerabilities has skyrocketed. In recent years, firms like Crowdfense have set similar benchmarks, offering up to $7 million for iPhone exploits and $8 million for WhatsApp vulnerabilities.
A veteran security researcher, speaking on the condition of anonymity, noted that the $20 million figure is “in the ballpark” of current market valuations. However, the researcher expressed caution regarding the company’s lack of transparency: “I don’t think you should sell bugs to anyone who’s trying to hide who they are.”
Competitive Landscape
The startup’s pricing structure mirrors that of Operation Zero, a Russian-based entity that previously offered $20 million for similar exploits. Unlike the UAE-based firm, Operation Zero openly aligns itself with the Russian government, which creates significant legal hurdles for researchers in the U.S. and Europe who are prohibited from conducting business with such entities. By remaining anonymous and operating out of the UAE, Advanced Security Solutions may be attempting to bypass the legal restrictions that limit their competitors.