$2.5M
maximum Zerodium payout for iOS full chain remote jailbreak
21/41
V8 ACE exploits found by Claude Mythos on ExploitBench vs. zero for all others
10.5x
Claude Mythos performance advantage on ExploitGym benchmark
$35M
estimated value of findings identified by Claude Mythos on SCONE-Bench

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

The zero-day market exists because finding a previously unknown vulnerability in a high-value target takes months of expert work. Scarcity is the market's foundation. When AI systems can find those same vulnerabilities autonomously, the foundational assumption of scarcity changes. Claude Mythos solved 21 of 41 V8 JavaScript engine ACE challenges on ExploitBench while every other tool solved zero. That benchmark result is not just a research milestone: it is the first evidence of AI capability that could materially shift the supply curve of the exploit market.

How the Zero-Day Market Works

A zero-day is a vulnerability unknown to the vendor and for which no patch exists. The zero-day market is the ecosystem where these vulnerabilities are bought and sold before vendors are aware of them. The market has three tiers. The top tier is nation-state acquisition through brokers or direct purchase: government intelligence and military buyers paying premium prices for exclusive access to high-value targets like mobile operating systems, encrypted messaging apps, and network infrastructure. The middle tier is defense contractor and private intelligence firm acquisition for vetted government clients. The bottom tier is public bug bounty programs, where vendors pay researchers to find bugs in their own software, typically at prices far below market rates for offensive-grade research.

Key Brokers and Buyers

Zerodium (Washington DC, founded 2015 by Chaouki Bekrar) is the most transparent broker, publishing a public acquisition price schedule. Crowdfense (Abu Dhabi) operates a similar model serving government clients globally. MarketplacePWN, OffSec, and dozens of less visible entities operate in the same space. The dominant buyers are signals intelligence agencies (NSA, GCHQ, DGSE, BND, and equivalents), military cyber commands (US CYBERCOM, GCHQ NCSC, Unit 8200), and defense contractors acting as acquisition intermediaries. Corporate espionage buyers exist but represent a small fraction of market volume by value.

Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

Historical Pricing by Platform

Zerodium's published schedule (updated periodically) reflects relative exploit difficulty and target value. iOS full chain remote jailbreak: up to $2.5 million. Android zero-click full chain: up to $500,000. Chrome RCE plus sandbox escape: up to $250,000. WhatsApp or Signal zero-click: up to $1.5 million. Windows LPE: up to $200,000. VMM escape: historically $100,000 to $300,000. Network equipment (routers, firewalls) varies widely. Nation-state direct acquisition prices are reported by journalists and researchers to be 3 to 10 times higher than published broker rates for the most sensitive capabilities, because exclusive acquisition and operational security have additional value.

Supply and Demand Dynamics

Zero-day prices are high because supply is low. Finding a remotely exploitable zero-day in a hardened target requires expertise in reverse engineering, vulnerability research, exploit development, and target-specific knowledge. A competent exploit researcher might produce two to four weaponizable zero-days per year. The total global supply of high-value zero-days is limited by the number of researchers with the skills to find them. Demand from government buyers is relatively inelastic: intelligence agencies have mandated capability requirements and significant budgets. The result is a sellers market with prices reflecting scarcity.

How AI Changes the Supply Side

Claude Mythos scored 21 of 41 on ExploitBench's V8 ACE challenges. Every other tool scored zero. On ExploitGym, Mythos outperforms alternatives by 10.5 times. On SCONE-Bench, Mythos identified findings with an estimated aggregate value of $35 million. These benchmarks measure AI performance on synthetic vulnerability discovery tasks, not on live production targets. But they demonstrate that AI is approaching the capability threshold for autonomous vulnerability discovery in complex, real-world codebases. If AI tools can generate a meaningful fraction of the research output currently produced by elite human researchers, supply increases and prices face downward pressure.

Whether Prices Are Already Moving

The empirical evidence is early and fragmented. Brokers are not transparent about volume or pricing trends. Researchers who track the market report anecdotal evidence of increased supply in specific categories, particularly browser and JavaScript engine vulnerabilities, where AI-assisted research is most advanced. Whether this is translating to price compression is unclear: the final steps of weaponization and operational integration remain human-intensive, which means AI-discovered vulnerability information still requires significant expert work to become an operational exploit. The market impact is likely lagged, not immediate.

Nation-State Implications

If AI reduces the expertise bar for vulnerability discovery, it changes the offensive capability balance between nations with large pools of elite researchers and those without. Historically, sophisticated offensive cyber programs required years of investment in training highly specialized personnel. AI-assisted vulnerability research could allow nations with smaller technical workforces to develop meaningful offensive capabilities more rapidly. This is the democratization of offensive capability argument: the same dynamic that Project Glasswing represents for defense (AI enabling a small team to find what previously required hundreds) applies symmetrically to offense.

The Democratization of Offensive Capability Argument

The strongest form of the argument is: if Claude Mythos can find 21 V8 ACEs autonomously, what prevents an adversary from building a similar system and generating offensive capability at scale? The answer involves several friction points. Training a capable AI security system requires data, compute, and alignment work that limits who can realistically do it. Weaponizing a discovered vulnerability into a reliable operational exploit still requires human expertise. And a system generating many low-quality findings is less useful than a smaller set of reliable, weaponizable bugs. The democratization concern is real but the capability gap between discovery and operational exploitation remains significant.

Export Control and Policy Response: The Wassenaar Arrangement

The Wassenaar Arrangement is a multilateral export control regime covering conventional weapons and dual-use goods and technologies. In 2013, Wassenaar added controls on intrusion software, surveillance tools, and IP network surveillance systems. The controls on vulnerability research tools are contentious because they could restrict defensive security research alongside offensive tool export. The US Bureau of Industry and Security (BIS) has worked through multiple revision cycles trying to scope the controls narrowly enough to permit legitimate defensive and research use while restricting weaponized exploit export to adversarial nations. AI vulnerability discovery tools sit in an unresolved regulatory gray zone: the policy apparatus has not yet defined how Claude Mythos-class tools fit into existing export control frameworks.

What This Means for Defenders

If AI increases the supply of zero-days and compresses the expertise requirement for finding them, the defender implication is that the window between vulnerability creation and discovery narrows. Vulnerabilities that might have gone undiscovered for years because finding them required rare expertise will be found faster, either by defenders through programs like Glasswing, or by adversaries through equivalent offensive AI development. This argues for continuous AI-assisted vulnerability discovery as a defensive posture rather than periodic manual assessments, and for treating the attack surface as dynamically exposed rather than statically bounded by known vulnerabilities.

Zero-Day Market Pricing Reference and Defensive Budget Implications

The Mythos Brief includes a comprehensive zero-day market pricing reference covering all major target categories, broker comparison, and an analysis of how AI-scale discovery is likely to affect pricing over the next 24 months. It also includes a defensive budget implications model: how to translate zero-day market dynamics into security investment prioritization.

Subscribe to unlock Remediation & Mitigation steps

Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.

The bottom line

The zero-day market's pricing reflects the scarcity of expert vulnerability researchers. AI-assisted discovery threatens that scarcity. The organizations that will navigate this transition best are those treating their attack surface as already exposed rather than waiting for a known CVE to drive remediation. For the zero-day market pricing reference, the AI supply impact forecast, and the defensive budget implications model, access the Mythos Brief at decryptiondigest.com/mythos-brief.

Frequently asked questions

How much does a zero-day sell for?

Prices vary dramatically by target. Zerodium has published payouts of up to $2.5 million for iOS full chain remote jailbreaks, $500,000 for Android zero-clicks, and $200,000 to $400,000 for browser exploits. Nation-state direct acquisition prices are reported to be 3 to 10 times higher than broker rates for the most sensitive targets. Low-value targets (older software, limited deployment) may sell for $5,000 to $50,000.

What is Zerodium?

Zerodium is a Washington DC-based vulnerability acquisition firm founded by Chaouki Bekrar in 2015. It purchases zero-day exploits from independent researchers and resells them to government clients, primarily in the United States, Europe, and allied nations. Zerodium publishes a public acquisition program with maximum payout prices for different target categories, making its pricing structure more transparent than most other brokers.

Does AI vulnerability discovery lower zero-day prices?

The economic theory says yes: more supply of a scarce good lowers prices. The empirical evidence is early but directional. Brokers have reported increased supply of findings in categories where AI tools are active. Whether this translates to sustained price compression depends on whether AI-discovered bugs are equally weaponizable as human-discovered bugs, which requires additional exploit development that AI does not yet automate end-to-end.

Who buys zero-days?

The primary documented buyers are government intelligence and law enforcement agencies (NSA, GCHQ, and equivalents), military cyber commands, defense contractors acting as intermediaries for government clients, and private intelligence firms serving corporate and government customers. A smaller market exists for corporate espionage and financially motivated crime, though nation-state buyers dominate the high-price segment.

Is selling a zero-day legal?

In most jurisdictions, selling vulnerability information is legal if it does not violate computer fraud statutes through the discovery process itself. In the United States, no law explicitly prohibits selling zero-day information to domestic government buyers. Export controls under the Wassenaar Arrangement and US EAR regulations restrict exporting certain exploit tools to adversarial nations. The legal landscape is ambiguous and varies significantly by jurisdiction, buyer identity, and intended use.

How do vendor bug bounty payouts compare to zero-day broker prices?

Vendor bug bounty payouts are typically a fraction of broker market prices for the same vulnerability. A browser RCE that earns $30,000 through Google's bug bounty program may sell for $150,000 to $250,000 through a broker to a government buyer. The gap reflects exclusivity, weaponization support, and operational use rights that brokers provide and vendors do not. Researchers who prioritize financial return choose brokers; those who prioritize legal certainty, attribution credit, and continued access to vendor programs choose bug bounties.

Sources & references

  1. Zerodium Exploit Acquisition Program
  2. Crowdfense Vulnerability Research Hub
  3. Anthropic Project Glasswing ExploitBench
  4. Wassenaar Arrangement on Export Controls
  5. MIT Technology Review: The Zero-Day Market
  6. RAND Corporation: Zero Days, Thousands of Nights

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.