Maybe. But I am talking about both above the table and more shady government programs. Ever wonder where the guys at Pegasus and friends get their exploits from? They aren’t all super great hackers, they buy a lot of stuff, or so I heard. After all, for someone without money, it is a hard decision to be paid a year’s wages right now or to go the responsible disclosure route, and potentially get nothing.
And iirc the advertised price for juicy bugs in common platforms and apps was quite substantial. So, according to demand and supply, the price for such exploits was rather high, and is now significantly lower.
Or more likely, bounty programs will be shut down because of dealing with AI slop flooding their systems.
https://www.theregister.com/2026/01/21/curl_ends_bug_bounty/
Maybe. But I am talking about both above the table and more shady government programs. Ever wonder where the guys at Pegasus and friends get their exploits from? They aren’t all super great hackers, they buy a lot of stuff, or so I heard. After all, for someone without money, it is a hard decision to be paid a year’s wages right now or to go the responsible disclosure route, and potentially get nothing.
And iirc the advertised price for juicy bugs in common platforms and apps was quite substantial. So, according to demand and supply, the price for such exploits was rather high, and is now significantly lower.