To be fair, such bugs can easily be worth quite a bit more. If it can indeed automate finding RCEs and similar for everyone with a few $10k, then that’s suddenly way more accessible than paying a guy in a basement somewhere a million in shitcoins for that RCE.
Maybe. But I am talking about both above the table and more shady government programs. Ever wonder where the guys at Pegasus and friends get their exploits from? They aren’t all super great hackers, they buy a lot of stuff, or so I heard. After all, for someone without money, it is a hard decision to be paid a year’s wages right now or to go the responsible disclosure route, and potentially get nothing.
And iirc the advertised price for juicy bugs in common platforms and apps was quite substantial. So, according to demand and supply, the price for such exploits was rather high, and is now significantly lower.
Not to mention the Mythos red team report claims, even at the currently subsidized inference prices, it cost over $20,000 to find that OpenBSD bug
To be fair, such bugs can easily be worth quite a bit more. If it can indeed automate finding RCEs and similar for everyone with a few $10k, then that’s suddenly way more accessible than paying a guy in a basement somewhere a million in shitcoins for that RCE.
Or more likely, bounty programs will be shut down because of dealing with AI slop flooding their systems.
https://www.theregister.com/2026/01/21/curl_ends_bug_bounty/
Maybe. But I am talking about both above the table and more shady government programs. Ever wonder where the guys at Pegasus and friends get their exploits from? They aren’t all super great hackers, they buy a lot of stuff, or so I heard. After all, for someone without money, it is a hard decision to be paid a year’s wages right now or to go the responsible disclosure route, and potentially get nothing.
And iirc the advertised price for juicy bugs in common platforms and apps was quite substantial. So, according to demand and supply, the price for such exploits was rather high, and is now significantly lower.