Part 1: The Decision Tree
Start here. Before assigning a dollar value, a vulnerability must pass through a series of gates. The first question isn't "how much?" — it's "is this real?" Most bugs gate out early. The ones that survive are worth pricing.
Many bugs are theoretical. If you can't demonstrate impact, you have a report, not an exploit. Gate out here — value is near zero.
Dowd's critical insight: an exploit you can't maintain is a depreciating asset on a timer. If the maintenance cost exceeds the value window, it's not worth developing.
Bug Bounty
Vendor-set price ceiling. Fastest payout, lowest value. Public disclosure timeline. No maintenance needed.
Government / Offensive
Highest individual prices. Exclusivity required. Maintenance obligations. Geographic restrictions. Longest sales cycle.
Broker / Intermediary
Market-rate pricing. Zerodium, Crowdfense models. Broker handles buyer matching. Commission cut. Fast payment.
Defensive / Vendor
Reputation value. CVE credit. Conference talks. Consulting leverage. Non-monetary or low monetary value.
Part 2: Valuation Factors
Parts 2–5 are reference material. They define the inputs to the valuation formula. Skim these on first read, then come back when you're working through the examples in Part 8.
Each factor modifies the base value of a vulnerability. They're multiplicative — a weakness in any single dimension dramatically reduces total value.
| Factor | Range | Description |
|---|---|---|
| R Reliability | 0.1 – 1.0 | Probability of successful exploitation per attempt. 1.0 = 100% reliable. |
| C Chain Completeness | 0.2 – 1.0 | 1.0 = full chain (entry to objective). 0.2 = single primitive requiring other bugs. |
| I Interaction | 0.3 – 1.0 | 1.0 = zero-click. 0.7 = one-click. 0.3 = complex user interaction required. |
| P Persistence | 0.4 – 1.0 | 1.0 = survives reboot, full persistence. 0.4 = session-only, volatile. |
| D Detection Risk | 0.3 – 1.0 | 1.0 = undetectable. 0.3 = high detection probability (noisy, logged, monitored). |
| M Maintenance Cost | 0.2 – 1.0 | 1.0 = no maintenance needed. 0.2 = constant re-engineering with each patch cycle. |
| S Shelf Life | 0.1 – 1.0 | 1.0 = years before likely patch. 0.1 = actively being investigated, patch imminent. |
| Sc Scarcity | 0.5 – 3.0 | Supply-side multiplier. 3.0 = nobody else has this. 0.5 = common bug class on common target. |
| E Exclusivity | 0.3 – 1.5 | 1.5 = exclusive sale, buyer gets monopoly. 0.3 = non-exclusive, others may have it. |
| G Geographic Demand | 0.5 – 2.0 | Jurisdictional multiplier. 2.0 = target aligns with buyer's strategic priorities. |
| N Novelty | 1.0 – 3.0 | First-of-kind exploitation technique bonus. 1.0 = known class. 3.0 = new attack surface. |
| A Asymmetry | 1.0 – 5.0 | Ratio of effort to find vs effort to fix. Higher = harder to fix = more valuable. |
Part 3: The Valuation Formula
This is the core of the framework. The base value comes from the target tier and bug class — what the bug is. Market multipliers then adjust for who's buying. Time decay erodes value from the moment of discovery. Don't let the math intimidate you — the worked examples in Part 8 show how it plays out in practice.
| Symbol | Meaning |
|---|---|
| V(t) | Estimated value at time t after discovery (USD) |
| Btarget | Base value from target platform tier (see Target Tiers table) |
| Bclass | Base value from bug class severity (see Bug Classes table) |
| R, C, I, P, D | Technical quality factors (reliability, chain, interaction, persistence, detection) |
| M × S | Maintainability group: maintenance cost × shelf life. These are coupled: low maintenance only matters if shelf life is long. |
| Sc, E, G | Market factors (scarcity, exclusivity, geographic demand) |
| N, A | Bonus multipliers (novelty, asymmetry) |
| e^(−λt) | Time-decay function. λ varies by target: mobile ≈ 0.05/month, desktop ≈ 0.03/month, IoT ≈ 0.01/month |
The formula differentiates base value (target × class — what the bug is) from market multiplier (Sc × E × G — what the market wants). A Chrome zero-click RCE has enormous base value; its market multiplier depends on who's buying and what they need it for.
Part 4: Target Platform Tiers
Not all targets are equal. A bug in iOS is worth orders of magnitude more than the same class of bug in a WordPress plugin — because the target is harder, the user base is larger, and the security investment is deeper.
| Tier | Btarget | Examples | Rationale |
|---|---|---|---|
| T1 | $1M – $9M | iOS, Android (Pixel/Samsung), Chrome, Safari, Windows kernel | Billions of users, hardened targets, massive security investment |
| T2 | $100K – $500K | macOS, Linux kernel, Edge, Firefox, Exchange, Signal | Large user bases, active security programs, regular patching |
| T3 | $25K – $100K | Enterprise SaaS (Salesforce, O365), VPN appliances, routers | High-value corporate targets, mixed patching discipline |
| T4 | $5K – $25K | WordPress, CMS platforms, smart home, consumer IoT | Large attack surface, low security investment, slow patching |
| T5 | $1K – $5K | Legacy SCADA/ICS, EOL devices, niche embedded systems | Small deployment base but potentially critical infrastructure |
Note: IoT and ICS targets can jump tiers when deployed in critical infrastructure. A $20 smart plug is T4; the same firmware in a power grid relay is T1-T2.
Part 5: Bug Class Severity
What type of bug is it? A memory corruption vulnerability that gives you code execution is the gold standard. An information disclosure is useful but limited. The class determines the base multiplier.
| Class | Bclass | Examples |
|---|---|---|
| Memory Corruption (RCE) | 1.0 | Use-after-free, heap overflow, type confusion → code execution |
| Logic (Auth Bypass) | 0.8 | Authentication bypass, privilege escalation via logic flaw |
| Cryptographic | 0.7 | Weak key generation, padding oracle, protocol downgrade |
| Side-Channel | 0.6 | Timing attacks, cache-based leaks, speculative execution |
| Authentication / Session | 0.5 | Session fixation, token prediction, credential leakage |
| Information Disclosure | 0.3 | Memory leaks, path traversal reads, SSRF to internal data |
| Denial of Service | 0.1 | Crash bugs, resource exhaustion, amplification |
Part 6: Insights from Mark Dowd
This is the most important section in the document. The formula gives you a number. Dowd's insights give you the thinking behind the number — and explain why most people get vulnerability valuation wrong.
Mark Dowd — co-author of The Art of Software Security Assessment, founder of Azimuth Security, and now director of Vigilant Labs — is one of the most accomplished vulnerability researchers alive. The principles below are drawn from his OffensiveCon 2022 keynote, BlueHat 2023 presentation, Risky Business HF13 interview, and his April 2026 appearance on the Three Buddy Problem podcast (ep. 95) with Ryan Naraine, Costin Raiu, and Juan Andres Guerrero-Saade — which extended the framework to address AI's impact on the marketplace.
"People dramatically underestimate maintenance cost. You find a bug, you write an exploit, and now you're on a treadmill. Every patch Tuesday, every point release, you're checking: did they break it? Did they change the heap layout? Did they add a mitigation? That cost is ongoing and it compounds."
"Stockpiling in the traditional sense — hoarding dozens of exploits against the same target — is irrational for a Five Eyes-style buyer. Mitigations don't kill one bug; they kill entire classes. One ASLR improvement, one sandbox hardening, and your entire stockpile for that target is degraded simultaneously."
"We're approaching an inflection point where, for hardened targets, it's getting harder to hack than to secure. The cost curve is crossing. That doesn't mean bugs stop existing — it means the economics flip. Finding becomes more expensive, maintaining becomes more expensive, and the buyer needs to pay for all of it."
"The detection environment has fundamentally changed. It's not just about whether your exploit works — it's about whether using it gets you caught. Attribution capability is a tax on every operation, and it increases the effective cost of deployment."
Key Economic Principles (Derived from Dowd)
| Principle | Implication |
|---|---|
| Maintenance cost is the hidden variable | An exploit's TCO is discovery + development + ongoing maintenance. Most valuations only count the first two. |
| Mitigations kill classes, not instances | Stockpiling multiple bugs of the same class against the same target is building on sand. |
| Detection changes value retroactively | A burned exploit isn't just worthless — it's negative value (attribution, diplomatic cost, capability exposure). |
| The cost curve is crossing | For T1 targets, the asymmetry is shifting toward defenders. This increases 0day prices but decreases ROI. |
| Effort to find vs effort to fix (asymmetry) | Bugs where the fix requires architectural change (not just a patch) command premium because they persist longer. |
April 2026 Update: AI's Impact on the Marketplace
In his April 2026 conversation on the Three Buddy Problem podcast, Dowd extended the framework to address how generative AI is reshaping vulnerability discovery, exploit development, and vendor response. Five additional principles emerge.
"People who have a very in-depth technical knowledge of certain platforms or codebases have an advantage with AI acting more as a false force multiplier for them than they would for someone else. [...] If you have an LLM evaluate and hypothesize about vulnerabilities in a particular codebase, all of it sounds pretty good, like it all sounds pretty plausible. An experienced person can go, 'Well, I know that's not a thing. Let's spend our time on this.'"
"The vendors have access to the same technology and in general dramatically more compute, not to mention potentially exclusive access to things like Mythos. They have the ability to find the vulnerabilities at scale and improve the throughput of their patching. [...] As the cost of development goes towards zero, it's not that difficult for them to rearchitect significant blocks of not just the vulnerable code but their infrastructure, their patching infrastructure or whatever — they can change things significantly that before were like 'ah, this is going to be like a two-year effort.'"
"Vulnerabilities are themselves becoming less valuable in and of themselves. [...] Provable and exploitable ones will retain a high value, but they might lose value or undergo some kind of product change based on the fact that the expectation of them lasting for any length of time will probably drop."
"Consumers of these products don't actually care about exploits, and they also don't care about the complexity of them. They're trying to achieve an effect, and that's all they care about. If a shell script did it, they would be like 'great, we'll pay for it.'"
"The less sophisticated the vendor, the more likely you are to be able to pop out a zero day with an LLM — and they're also the people less likely to patch it in a short space of time. [...] If anyone could just pop out an exploit in things even less than the premier vendors, that could cause pockets of catastrophe."
Additional Principles (AI Era)
| Principle | Implication |
|---|---|
| AI is a false force multiplier | LLM hypotheses all sound plausible; only experienced researchers can filter them. AI widens the gap between top-tier shops and novices instead of democratizing the high end. |
| AI is symmetric — defenders gain too | Vendors get the same models with more compute and (often) exclusive access. Patching throughput rises; previously prohibitive multi-year refactors become feasible. |
| Discovery commoditizes; weaponization remains craft | Raw vulns trend toward zero value as expected shelf life shrinks. Provable, productized, reliable exploit chains retain — and may concentrate — value. |
| Buyers pay for effects, not exploits | Price is bounded by the cheapest path to the same outcome. Endpoint exploitation competes with cloud takeover, SS7, supply chain, and human intelligence — whichever delivers the effect. |
| Sophistication segments the blast radius | Premier vendors absorb AI-driven discovery shock via patching velocity and architectural rewrites. Long-tail vendors get hit twice — easier to exploit AND slower to patch — producing localized "pockets of catastrophe." |
Part 7: Same Bug, Different Markets
Here's where the framework gets practical. The same vulnerability — identical code, identical impact — has radically different value depending on who's buying. This table illustrates the gap using a hypothetical iOS zero-click RCE with full chain.
| Market | Estimated Value | Timeline | Obligations |
|---|---|---|---|
| Apple Bug Bounty | $500K – $2M | 30-90 days to payment | Disclosure to vendor. Public credit optional. |
| Broker (Zerodium/Crowdfense) | $2.5M – $9M | 7-30 days to payment | Exclusivity period. No disclosure. Crowdfense 2024: up to $7M iOS, $9M zero-click SMS/MMS chains. Prices inflating ~44%/yr. |
| Government Direct (Five Eyes) | $3M – $20M | 60-180 days (procurement) | Exclusivity. Maintenance contract. Security clearance may be required. |
| Defensive / Conference | $0 – $50K | Immediate (reputation) | Responsible disclosure. CVE coordination. Talk submission. |
These ranges are illustrative and based on publicly known pricing (Zerodium published price list, Apple Security Bounty program, historical government contract leaks). Actual prices are negotiated and vary significantly.
Part 8: Worked Examples
Theory is nice. Let's run the numbers. These two examples show the formula in action across the lowest-value and highest-value paths — a WordPress plugin bug reported through a bounty program, and an Android zero-click chain sold to a government buyer.
Example A: Bug Bounty Path — WordPress Plugin SQLi
A SQL injection in a popular WordPress plugin (10M+ installs) allowing unauthenticated data extraction. Reported through the vendor's bug bounty program.
Bclass = 0.5 (auth-adjacent — SQLi leading to credential extraction)
R = 0.9 (highly reliable, standard SQLi)
C = 0.6 (data extraction only, no RCE)
I = 0.9 (unauthenticated, one HTTP request)
P = N/A (not applicable for bounty path)
D = N/A (not applicable — reporting, not operating)
M = 1.0 (no maintenance for bounty)
S = 0.8 (plugin slow to patch, but will eventually)
Sc = 0.7 (SQLi in WordPress plugins is not rare)
E = 0.3 (bounty = vendor knows, non-exclusive by nature)
G = 1.0 (universal target)
N = 1.0 (known class)
A = 1.5 (architectural — prepared statements require refactor)
t = 0 (reporting immediately)
V(0) = $15,000 × 0.5 × 0.9 × 0.6 × 0.9 × 0.8 × 0.7 × 0.3 × 1.5
V(0) ≈ $1,020
Reality check: Typical WordPress plugin bounties range $250 – $5,000. The formula produces a mid-range estimate consistent with market data. The low exclusivity factor (0.3) heavily discounts bounty-path value.
Example B: Offensive Market Path — Android Zero-Click RCE
A zero-click RCE in Android's messaging stack affecting Pixel and Samsung devices, achieving persistent implant. Sold through a broker to a government buyer.
Bclass = 1.0 (memory corruption, full RCE)
R = 0.85 (reliable but ASLR means ~85% first-try success)
C = 1.0 (full chain — entry to persistent implant)
I = 1.0 (zero-click)
P = 0.9 (survives reboot via system service persistence)
D = 0.7 (some EDR risk on managed enterprise devices)
M = 0.5 (monthly Android patches require constant re-testing)
S = 0.4 (Android patches monthly — expected life ~4-6 months)
Sc = 2.5 (very few researchers find full Android chains)
E = 1.5 (exclusive sale to single buyer)
G = 1.5 (Middle East/APAC government demand for Android targets)
N = 1.5 (novel entry point via messaging stack)
A = 3.0 (fix requires architectural messaging redesign)
t = 0
V(0) = $1,500,000 × 0.85 × 0.9 × 0.7 × 0.2 × 2.5 × 1.5 × 1.5 × 1.5 × 3.0
V(0) ≈ $2,170,000
Reality check: Zerodium's published price for Android full chain + persistence is $2.5M. Crowdfense has offered up to $3M. The formula's output is in the right ballpark. Note how the maintenance × shelf life group (M × S = 0.2) significantly drags down value — this is Dowd's key insight in action.
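The valuation as the Part 2 table and the two examples above imply it, in an added Python example that is not from the original article: V(t) is the product of base value, the five technical factors, the M × S group, the market and bonus multipliers, and e^(−λt), with every input checked against the Part 2 ranges and the Part 9 decay curve computed at the per-target λ from Part 3. It returns the exact product of the inputs listed above, which does not match the rounded dollar figures quoted in Examples A and B, so treat those figures as illustrative; factors marked N/A are taken as neutral (1.0), an assumption of this example.

```python
"""Valuation calculator for the framework in Parts 2-3 and 8-9.

Added example, not part of the original article. Implements
    V(t) = Btarget * Bclass * (R*C*I*P*D) * (M*S) * (Sc*E*G) * (N*A) * e^(-lambda*t)
with the factor ranges from the Part 2 table and the per-target decay
rates from Part 3, and reproduces the two worked examples of Part 8.
"""
import math

# Allowed range for each factor, copied from the Part 2 table.
FACTOR_RANGES = {
    "R": (0.1, 1.0), "C": (0.2, 1.0), "I": (0.3, 1.0), "P": (0.4, 1.0),
    "D": (0.3, 1.0), "M": (0.2, 1.0), "S": (0.1, 1.0), "Sc": (0.5, 3.0),
    "E": (0.3, 1.5), "G": (0.5, 2.0), "N": (1.0, 3.0), "A": (1.0, 5.0),
}

# Monthly time-decay rates by target family, from Part 3.
LAMBDA = {"mobile": 0.05, "desktop": 0.03, "iot": 0.01}


def validate(factors):
    """Return a list of problems (empty when every factor is in range).

    Catches the usual spreadsheet slips, e.g. a reliability entered as a
    percentage (90) instead of the 0.1-1.0 scale the framework uses.
    """
    problems = []
    for name, val in factors.items():
        if name not in FACTOR_RANGES:
            problems.append(f"unknown factor {name!r}")
            continue
        lo, hi = FACTOR_RANGES[name]
        if not lo <= val <= hi:
            problems.append(f"{name}={val} outside [{lo}, {hi}]")
    return problems


def value(b_target, b_class, factors, months=0.0, target="mobile"):
    """Estimated USD value `months` after discovery.

    Factors not supplied default to 1.0 (neutral). Example A marks P and D
    as N/A for the bounty path; omitting them is how that is expressed here
    (assumption: N/A means neutral).
    """
    f = dict.fromkeys(FACTOR_RANGES, 1.0)
    f.update(factors)
    problems = validate(f)
    if problems:
        raise ValueError("; ".join(problems))
    technical = f["R"] * f["C"] * f["I"] * f["P"] * f["D"]
    maintainability = f["M"] * f["S"]          # coupled group (Part 3)
    market = f["Sc"] * f["E"] * f["G"]
    bonus = f["N"] * f["A"]
    decay = math.exp(-LAMBDA[target] * months)
    return b_target * b_class * technical * maintainability * market * bonus * decay


def half_life_months(target):
    """Months for the decay term alone to halve the value: ln 2 / lambda."""
    return math.log(2) / LAMBDA[target]


def months_until_below(b_target, b_class, factors, floor, target="mobile"):
    """Months after discovery at which V(t) decays below `floor` USD.

    Solves V(0) * e^(-lambda t) = floor for t; returns 0.0 if already below.
    """
    v0 = value(b_target, b_class, factors, 0.0, target)
    if v0 <= floor:
        return 0.0
    return math.log(v0 / floor) / LAMBDA[target]


# Example A (Part 8): WordPress plugin SQLi via bug bounty, T4 base $15,000.
EXAMPLE_A = dict(b_target=15_000, b_class=0.5, factors={
    "R": 0.9, "C": 0.6, "I": 0.9, "M": 1.0, "S": 0.8,
    "Sc": 0.7, "E": 0.3, "G": 1.0, "N": 1.0, "A": 1.5})

# Example B (Part 8): Android zero-click chain via broker, T1 base $1.5M.
EXAMPLE_B = dict(b_target=1_500_000, b_class=1.0, factors={
    "R": 0.85, "C": 1.0, "I": 1.0, "P": 0.9, "D": 0.7, "M": 0.5, "S": 0.4,
    "Sc": 2.5, "E": 1.5, "G": 1.5, "N": 1.5, "A": 3.0})


if __name__ == "__main__":
    print(f"Example A, V(0): ${value(**EXAMPLE_A):,.0f}")
    print(f"Example B, V(0): ${value(**EXAMPLE_B):,.0f}")
    # Part 9 curve for Example B at the mobile decay rate (0.05/month).
    for m in (0, 3, 6, 12, 24):
        print(f"  B after {m:2d} months: ${value(**EXAMPLE_B, months=m):,.0f}")
    print(f"mobile half-life: {half_life_months('mobile'):.1f} months")
    # Months before Example B decays below the $2.5M Zerodium figure quoted above.
    print(f"B below $2.5M after {months_until_below(**EXAMPLE_B, floor=2_500_000):.1f} months")
```

Because every factor is multiplicative, the relative drag of any single input is simply 1/factor, so the M × S group at 0.2 costs five times as much value as a reliability of 0.85 does.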
Part 9: Temporal Value Curve
A vulnerability's value isn't static. It follows a predictable lifecycle from discovery through eventual death. The decay rate (λ) depends on the target's patch cadence and the broader detection environment.
Value Over Bug Lifetime
| Phase | Value State | Duration (typical) |
|---|---|---|
| Discovery | Potential — unproven, no exploit | Hours – weeks |
| Development | Increasing — exploit being built and tested | Days – months |
| Peak | Maximum — reliable exploit, undisclosed, no detection | Days – weeks |
| Sale / Deployment | High — transferring to buyer, first operational use | Weeks |
| Active Use | Declining — each use increases detection risk | Weeks – months |
| Aging | Eroding — target patching, mitigations improving | Months |
| Decay | Low — likely detected or near-patched, maintenance expensive | Weeks |
| Death | Zero — patched, detected, or mitigation makes it inoperable | Permanent |
Part 10: The Stockpiling Revision
Parts 10–15: Buyer Models. The formula tells you what a bug is worth in the abstract. These sections explain who's buying, why, and how their economics differ. Each model represents a genuinely distinct way of valuing vulnerabilities.
Dowd's argument that stockpiling is irrational holds for the Five Eyes boutique model — but it breaks down under a different set of assumptions. The Chinese state model demonstrates that stockpiling can be rational when the parameters change.
Quality Over Quantity
Small number of high-value, high-maintenance exploits targeting hardened T1 platforms. Each exploit is a precision instrument, maintained by a specialized team. Stockpiling is irrational because:
- Maintenance costs compound per-exploit
- Class-kill mitigations wipe stockpiles
- Detection of one can burn operational patterns
- Small teams can't maintain dozens of chains
High Vintel, high Cmaintain — works only with few, carefully chosen targets.
Quantity at Scale
Large volume of cheap-to-find bugs across T3-T5 targets. Stockpiling is rational because the parameters are fundamentally different:
- Target maintenance cost is near-zero (unpatched devices)
- Bugs in legacy targets survive years without maintenance
- Volume compensates for individual burn risk
- Strategic pre-positioning values access, not individual exploits
- State-scale teams can maintain hundreds of capabilities
Value = aggregate access × strategic positioning × time held. Individual bug value is irrelevant.
Volt Typhoon, Salt Typhoon, Flax Typhoon — all demonstrate this model. 200K+ compromised devices via commodity vulnerabilities in routers, VPN appliances, and IoT. The bugs aren't valuable individually; the network of access is the asset.
The revision doesn't invalidate Dowd's insight — it contextualizes it. Stockpiling is irrational when maintenance costs are high and targets are hardened. It becomes rational when maintenance is near-zero, targets don't patch, and the value model is aggregate strategic access rather than individual exploit deployment.
Part 11: Model C: Initial Access Brokers (Extended)
Access as Product
This is the model that breaks the traditional "bug value" framing entirely. Initial Access Brokers (IABs) don't sell exploits — they sell access. An RDP session, a VPN credential, a domain admin foothold. How they got in is irrelevant to the buyer.
IAB Pricing Logic
IAB pricing follows revenue/sector tiers rather than technical exploit quality. Research from KELA and Cyjax shows consistent pricing bands:
| Access Type | Median Price | Range |
|---|---|---|
| RDP access (single host) | $500 | $100 – $2,000 |
| VPN credentials (corporate) | $1,500 | $500 – $5,000 |
| Web shell (admin panel) | $1,000 | $300 – $3,000 |
| Domain Admin access | $5,000 | $1,000 – $50,000 |
| Citrix/VDI access | $3,000 | $1,000 – $10,000 |

| Modifier | Meaning |
|---|---|
| Rev | Target company revenue tier — higher revenue = higher ransom ceiling for buyers |
| Depth | Level of access: user (0.3), local admin (0.6), domain admin (1.0) |
| Freshness | How recently validated: today (1.0), this week (0.8), this month (0.5) |
| Sector | Healthcare/finance/legal = 1.5×. Education/non-profit = 0.5×. |
Key insight: IAB economics are completely decoupled from exploit quality. A phished VPN credential is worth the same as a zero-day-obtained foothold. The buyer doesn't care how you got in — just that you're in and they can use it.
Part 12: Model D: Ransomware Industrial (Extended)
ROI-Driven Expected Value
Ransomware operations treat vulnerability exploitation as a business investment with calculable returns. The RaaS (Ransomware-as-a-Service) ecosystem has professionalized this to the point where operators think in terms of expected value per campaign, affiliate margins, and customer (victim) acquisition cost.
| Term | Meaning |
|---|---|
| Ppay | Probability of payment (~30-40% per Coveware/Chainalysis data) |
| Ravg | Average ransom demand ($1.5M median in 2025 per Sophos) |
| N | Number of targets hit per campaign |
| Caccess | Cost of initial access (IAB purchase or exploit development) |
| Cinfra | Infrastructure cost (C2, hosting, leak sites) |
| Claunder | Money laundering cost (~15-30% of proceeds via mixers) |
The RaaS affiliate model means the actual ransomware operator keeps 70-80% of ransom payments. For a campaign hitting 10 targets with a 35% payment rate and $1.5M average ransom:
EV = $5,250,000 − $820,000
EV = $4,430,000 (affiliate share: ~$3.5M)
This explains why ransomware groups will pay $50K+ for IAB access — the ROI is massive. It also explains why they rarely need 0days: the ROI on cheap access to unpatched targets far exceeds the ROI on expensive 0days against hardened ones.
Part 13: Model E: Chaotic & Anti-Economic Actors (Extended)
When the Framework Breaks
Everything above assumes attackers use vulnerabilities. These groups don't. Lapsus$, Scattered Spider, and hacktivist collectives achieved access to Microsoft, Nvidia, Uber, MGM, and Caesars — all T1 organizations — without a single 0day. They bypass exploit economics entirely, using social engineering, SIM swapping, and credential markets instead.
Primary Vectors (Non-Exploit)
| Vector | Cost | Effectiveness |
|---|---|---|
| SIM swapping | $500 – $2,000 | Bypasses MFA entirely |
| Social engineering (helpdesk) | $0 (time only) | Targets the human layer |
| Credential purchasing (logs) | $10 – $500 | Infostealer output on dark markets |
| Insider recruitment | $5,000 – $50,000 | Bypasses all technical controls |
| MFA fatigue/bombing | $0 | ~5-10% success rate per target |
The lesson: your vulnerability economics framework is irrelevant if the attacker isn't using vulnerabilities. The cheapest vectors on this table — social engineering and credential markets — produced the highest-profile breaches of 2022-2024.
For hacktivists, the value function is entirely different: V = visibility × political impact. A defacement of a government website or a data leak from a controversial company has enormous value to the actor despite zero monetary return. This inverts the entire framework — the "bug" might be a publicly known CVE, but the impact value is determined by target symbolism, not technical sophistication.
Part 14: Model F: Commercial Surveillance Vendors (2026 Update)
Amortized Exploitation at Scale
Commercial Surveillance Vendors (CSVs) — NSO Group, Intellexa, Paragon, Candiru, QuaDream — represent a fundamentally different economic model from any government buyer. Where Model A purchases a capability for exclusive use by a single agency, CSVs license the same capability to dozens of government customers simultaneously. This transforms the economics from a single transaction to a recurring revenue stream.
Google's Threat Intelligence Group tracked 8 zero-days attributed to CSVs in 2024 — more than any single nation-state. NSO Group is actively seeking US market re-entry with a 2026 transparency report, and American investors took controlling ownership in late 2025. At least 25 states adopted guidelines for responsible behavior around commercial cyber intrusion tools in April 2025, but enforcement remains minimal.
| Term | Meaning |
|---|---|
| License | Per-customer annual fee ($2-8M per government customer per year) |
| N | Number of concurrent government customers (NSO reportedly had 40+ at peak) |
| T | Contract duration (typically 1-3 year terms with renewal) |
| Cfind | Discovery cost — amortized across all customers, making per-customer cost minimal |
| Cmaintain | Maintenance cost — shared burden, but a chain burned by one customer burns it for all |
| Clegal | Legal/regulatory cost — sanctions, lawsuits, export controls. Increasingly the dominant cost center. |
Why This Is Distinct from Model A
| Dimension | Model A (Five Eyes) | Model F (CSV) |
|---|---|---|
| Exclusivity | Single buyer, exclusive use | Multi-tenant, shared capability |
| Revenue model | One-time purchase + maintenance contract | Recurring SaaS-style licensing |
| Burn risk | Buyer controls operational tempo | Any customer can burn the chain for all |
| Cost amortization | Full cost borne by single buyer | Cost spread across 10-40+ customers |
| Price per customer | $3M-$20M per chain | $2-8M/yr per license (chain shared) |
| Regulatory exposure | Sovereign immunity | Wassenaar, EU CRA, sanctions, lawsuits |
The critical vulnerability of this model: a single Citizen Lab or Amnesty Tech exposure can trigger cascading customer loss, sanctions, and litigation. Legal/regulatory cost (Clegal) is growing faster than any other cost in the model. NSO's 2021 US entity listing, Intellexa's 2024 EU sanctions, and the Pall Mall Process represent structural headwinds that don't exist for Model A buyers.
Part 15: Model G: Defensive Intelligence (2026 Update)
Buying Bugs to Build Shields
Defensive intelligence buyers — Trend Micro's Zero Day Initiative (ZDI), Google's Threat Analysis Group, CrowdStrike, Recorded Future, and Mandiant — purchase or discover vulnerabilities not to exploit them, but to build detection signatures, threat intelligence products, and protective capabilities for their customers. The value function is inverted: a bug's worth is proportional to how many customers can be protected, not compromised.
| Term | Meaning |
|---|---|
| Nprot | Number of customers protected by the resulting detection/signature |
| Severity | CVSS-like severity — higher severity = more customer value |
| Speed | Time advantage over public disclosure — hours/days of exclusive protection |
| Cacq | Cost to acquire: bounty payment, researcher salary, or purchase from third party |
The ZDI Model in Detail
Trend Micro's Zero Day Initiative is the clearest example. ZDI purchases vulnerabilities from external researchers, writes IPS/IDS signatures for Trend Micro's TippingPoint and Deep Security customers, then coordinates responsible disclosure with the vendor. The economics:
| Step | Action | Economic Logic |
|---|---|---|
| 1 | Purchase vulnerability from researcher | $5K-$200K depending on severity and target |
| 2 | Write detection signature | Immediate protection for TM customers (competitive advantage) |
| 3 | Coordinate disclosure with vendor | Goodwill + responsible ecosystem participation |
| 4 | Vendor patches | ZDI customers were already protected; everyone else patches now |
ZDI has processed over 10,000 vulnerability submissions, making it the world's largest vendor-agnostic vulnerability purchase program. The economic insight: ZDI can pay less than offensive brokers for the same bug because the researcher gets responsible disclosure, CVE credit, and reputation — non-monetary value that reduces the cash price required.
Why This Matters for the Framework
Defensive intelligence creates a price floor for vulnerability discovery talent. Even as offensive markets become more regulated and morally fraught, researchers have a legitimate, legal, reputation-building path to monetize their skills. This is the market segment that prevents the Red Team's "talent drain" scenario from fully materializing — it provides an alternative to the offensive pipeline that doesn't require NDAs, export controls, or moral compromise.
It also creates an interesting economic dynamic: the same vulnerability has positive value to both attacker and defender, but for inverse reasons. The attacker values it for exploitation potential; the defender values it for detection potential. This means vulnerability discovery is not zero-sum — it generates value on both sides of the equation simultaneously.
Part 16: AI-Powered Discovery: The Supply Shock (2026 Update)
Parts 16–17: What's Changing. The framework above describes the market as it exists. These sections describe the two forces reshaping it: AI-powered vulnerability discovery and the collapse of the n-day weaponization window.
Between 2024 and 2026, AI-assisted vulnerability discovery moved from research demo to production tool. Google's Big Sleep found real zero-days in SQLite. DARPA's AIxCC competition saw detection rates jump from 37% to 86%. This isn't hypothetical anymore — it's a supply-side shock that changes every variable in the framework above.
What's Actually Working
| Capability | Status (2026) | Economic Impact |
|---|---|---|
| LLM-guided fuzzing | Production — Google Big Sleep (Project Zero + DeepMind) found exploitable stack buffer underflow in SQLite (CVE-2025-6965, CVSS 7.2). In one case, intercepted a 0day known only to threat actors before exploitation. | Reduces Cfind by estimated 10-50× for known bug classes in C/C++ code |
| AI code review | Production — GitHub Copilot, Semgrep AI, CodeQL + ML models shipping | Defenders find bugs faster too — compresses shelf life (S) |
| Automated exploit generation | Research → Production — DARPA AIxCC detection jumped from 37% to 86% of vulns between semifinal and final. Team Atlanta ($4M prize). 4 of 7 systems open-sourced. | Reduces Cdev, but reliability (R) still requires human tuning |
| Variant analysis | Production — LLMs excel at "find more bugs like this one" | Dramatically increases supply for known classes → reduces Scarcity (Sc) |
| Patch diffing automation | Production — AI-accelerated binary diffing is routine. GPT-4 generated working exploits for 87% of n-day vulns given CVE descriptions (UIUC 2024 study). | Compresses patch-to-exploit timeline → accelerates time-decay (λ). Average time-to-exploit collapsed to 5 days (2024), with 29% exploited on disclosure day. |
Impact on the Formula
AI discovery doesn't change the formula's structure — it changes the input values:
| Factor | Pre-AI | Post-AI | Direction |
|---|---|---|---|
| Discovery cost | High (human researcher months) | Lower (AI finds variants in hours) | ↓ Supply increase → downward price pressure |
| Scarcity (Sc) | High for many classes | Lower for AI-accessible classes | ↓ More supply of known patterns |
| Shelf Life (S) | Months-years for some targets | Compressed — defenders use AI too | ↓ Faster discovery = faster patching |
| Novelty (N) | Premium for new techniques | Increased premium — AI can't find truly novel bugs | ↑ Human creativity premium grows |
| Asymmetry (A) | Varied | Shifts toward defender for known classes | ↓ for known classes, unchanged for novel |
Dowd's inflection point observation — "it's getting harder to hack than to secure" — is being accelerated by AI, but asymmetrically. For known bug classes, AI pushes the curve further toward defenders. For novel attack surfaces and logic bugs, the human researcher premium increases because AI can't replicate creative exploitation.
The Paradox: Prices Rising Despite Cheaper Discovery
Zero-day prices are inflating ~44% annually (Crowdfense 2024: $7M for iOS, up from ~$2M in 2019; Operation Zero offering $20M for smartphone chains). How? Discovery cost is collapsing, but weaponization cost is exploding. Modern mitigations mean full exploitation chains now require 5+ components (sandbox escape, privilege escalation, persistence, etc.) where 3 sufficed before. Each component must be independently maintained. The dominant cost has shifted from Cfind to Cmaintain × chain_length — exactly what Dowd predicted.
The Bifurcation
AI creates a two-tier vulnerability market:
Commodity Tier (AI-Findable)
Memory corruption variants, injection patterns, known misconfigurations. AI finds these in bulk. Supply explodes. Prices collapse toward bug bounty floor. Scarcity → 0.5 or lower. These become the "electricity" of the exploit market — cheap, abundant, essential for volume operators (Model B, C, D).
Premium Tier (Human-Only)
Novel attack surfaces, complex logic chains, architectural flaws, side-channel innovations. AI can't find what it hasn't been trained on. Supply stays constrained. Prices increase as T1 hardening continues. Novelty multiplier → 2.0-3.0. These are the "rare earth minerals" — scarce, expensive, and decisive for Model A operators.
Part 17 N-Day Acceleration: The Shrinking Window (2026 Update)
This may be the single most important trend in vulnerability economics. The time between a vulnerability being patched and a working exploit being available to attackers has collapsed from weeks to hours. In 2024, 29% of vulnerabilities in CISA's Known Exploited Vulnerabilities catalog were weaponized on the same day the CVE was published. Patches are now effectively exploit blueprints.
The Patch-to-Exploit Timeline
| Era | Typical Timeline | Method |
|---|---|---|
| Pre-2020 | Weeks to months | Manual reverse engineering of patches, human exploit development |
| 2020-2023 | Days to weeks | Automated binary diffing (BinDiff, Diaphora), faster tooling |
| 2024-2026 | Hours to days | AI-accelerated patch analysis, LLM-assisted exploit scaffolding. Average time-to-exploit: 5 days. 29% of KEV vulns exploited on the day of CVE publication (VulnCheck 2025). GPT-4 generated functional exploits from CVE descriptions at an 87% success rate on a 15-CVE test set (UIUC 2024). |
What This Means for the Framework
The 0day premium is under pressure from both sides. On the supply side, AI finds more bugs faster. On the demand side, n-day exploits become available so quickly after patches that buyers who don't need "day zero" capability can wait for the patch, reverse it, and have a working exploit within hours — at a fraction of the 0day price.
As t(patch→exploit) → 0, the 0day premium → f(exclusivity, stealth) only
For Model A buyers (Five Eyes boutique), the 0day premium still holds because they need stealth and exclusivity — a public patch triggers detection signatures. For Model B buyers (Chinese volume), n-day acceleration is a gift — they can weaponize patches almost instantly against targets that won't apply them for months. For Model D (ransomware), n-day is already the primary model — they weaponize Patch Tuesday within 48 hours and exploit the long tail of unpatched systems.
The Defender's Dilemma Intensifies
Patches are now dual-use publications. Every security update is simultaneously a fix for defenders and a roadmap for attackers. The window where "patched = safe" was always a fiction — but it was a useful fiction when exploit development took weeks. At hours-to-days, the fiction collapses entirely.
This creates a perverse incentive structure:
- For vendors: Patching faster helps your users who update, but also arms attackers faster against those who don't.
- For defenders: The "patch Tuesday" model assumed you had days-to-weeks. You now have hours. Enterprise Linux patch cycles take 30-60 days; 50% of critical CISA KEV vulns remain unpatched 55 days after fix is available. Patch deployment speed is a security metric, not an ops convenience.
- For attackers: The rational strategy shifts from "stockpile 0days" toward "maintain patch-diffing capability." One capability generates unlimited n-day exploits.
- For bug bounty: Fast disclosure helps — but the window between "vendor knows" and "patch is reversed" is shrinking. Responsible disclosure timelines need to account for this.
Updated Time-Decay
The time-decay constant λ in the formula needs revision. In an AI-accelerated n-day world:
| Target Type | λ (Pre-AI) | λ (2026) | Effective Half-Life (ln 2 / λ) |
|---|---|---|---|
| Mobile (iOS/Android) | 0.05/month | 0.08/month | ~14 months → ~9 months |
| Desktop OS | 0.03/month | 0.05/month | ~23 months → ~14 months |
| Server/Cloud | 0.04/month | 0.06/month | ~17 months → ~12 months |
| IoT/Embedded | 0.01/month | 0.015/month | ~69 months → ~46 months |
| Legacy/ICS | 0.005/month | 0.005/month | ~139 months (unchanged) |
Note: Legacy/ICS decay rates are unchanged because these targets don't benefit from AI-accelerated patching — they often can't patch at all. This further validates Model B economics.
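As an added worked example (not code from the original page or from Dowd), the Python below makes the two mechanisms above concrete: the exponential time-decay V(t) = V0·e^(−λt) behind the half-life column, and the maintenance timer from the "Paradox" paragraph, where upkeep scales with C_maintain × chain_length. The λ values are copied from the table. Everything else is an assumption for illustration: V(t) is read as the operational value per month of holding the capability, each chain component costs m per month to keep working, and V0, m and C_find are normalized numbers with no claim to market accuracy.

```python
import math

# Constructed inputs: time-decay constants (per month) copied from the table above.
LAMBDA = {
    "mobile":  {"pre_ai": 0.05,  "2026": 0.08},
    "desktop": {"pre_ai": 0.03,  "2026": 0.05},
    "server":  {"pre_ai": 0.04,  "2026": 0.06},
    "iot":     {"pre_ai": 0.01,  "2026": 0.015},
    "legacy":  {"pre_ai": 0.005, "2026": 0.005},
}


def half_life(lam: float) -> float:
    """Months until V(t) = V0 * exp(-lam * t) falls to V0 / 2, i.e. ln 2 / lam."""
    return math.log(2) / lam


def value_at(v0: float, lam: float, t: float) -> float:
    """Remaining value of an exploit t months after it is developed."""
    return v0 * math.exp(-lam * t)


def retire_month(v0: float, lam: float, m: float, n: int) -> float:
    """Month at which remaining monthly value drops below the maintenance burn m * n.

    Assumption (illustrative): V(t) is the operational value per month of holding
    the capability, and each of the n chain components costs m per month to keep
    working against platform updates.  Solving V0 * exp(-lam * t) = m * n gives
    t = ln(V0 / (m * n)) / lam.  Returns 0.0 when upkeep exceeds value from day one.
    """
    burn = m * n
    if burn >= v0:
        return 0.0
    return math.log(v0 / burn) / lam


def net_value(v0: float, lam: float, c_find: float, m: float, n: int) -> float:
    """Net value of developing and maintaining the exploit until its retirement month.

    Gross value is the integral of V(t) from 0 to T = retire_month(...), which is
    V0 * (1 - exp(-lam * T)) / lam; total cost is C_find plus m * n per month for T months.
    """
    t_ret = retire_month(v0, lam, m, n)
    gross = v0 * (1.0 - math.exp(-lam * t_ret)) / lam
    return gross - c_find - m * n * t_ret


def worth_developing(v0: float, lam: float, c_find: float, m: float, n: int) -> bool:
    """Dowd's gate: develop only if the value window outlasts the maintenance cost."""
    return net_value(v0, lam, c_find, m, n) > 0.0


def chain_length_scenarios(lam: float, c_find: float, m: float = 0.1, v0: float = 1.0) -> dict:
    """Compare 3- vs 5-component chains (the shift described in the Paradox paragraph).

    Values are normalized: V0 = 1.0 value-unit per month, m = 0.1 per component per month.
    """
    return {
        n: {
            "retire_month": retire_month(v0, lam, m, n),
            "net_value": net_value(v0, lam, c_find, m, n),
            "develop": worth_developing(v0, lam, c_find, m, n),
        }
        for n in (3, 5)
    }


if __name__ == "__main__":
    for target, lams in LAMBDA.items():
        print(f"{target:8s} half-life: {half_life(lams['pre_ai']):6.1f} -> "
              f"{half_life(lams['2026']):6.1f} months")
    lam_mobile = LAMBDA["mobile"]["2026"]
    # Pre-AI discovery cost (C_find = 2.0) versus AI-cheapened discovery (C_find = 0.5).
    for c_find in (2.0, 0.5):
        print(f"C_find={c_find}: {chain_length_scenarios(lam_mobile, c_find)}")
```

Running it reproduces the half-life column (ln 2 / λ) and shows the chain-length effect: at the 2026 mobile λ, a 3-component chain clears Dowd's gate while a 5-component chain with the same per-component upkeep does not, and cheaper discovery (lower C_find) only partly compensates, because the retirement month, and therefore the value window, is set by m × n and λ, not by C_find.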
Part 18 Full Spectrum: All Models Compared (Summary)
| Model | Buyer | Bug Value Driver | Primary Targets | AI Impact |
|---|---|---|---|---|
| A | Five Eyes / boutique offensive | Stealth × exclusivity × chain completeness | T1 hardened platforms | ↑ Premium for human-only finds |
| B | Chinese state / volume | Aggregate access × strategic position × duration | T3-T5 infrastructure | ↓ AI finds more cheap bugs faster |
| C | Initial Access Brokers | Target revenue × access depth × freshness | Corporate networks | ↔ Access is access regardless of method |
| D | Ransomware / criminal industrial | Expected ransom × payment probability − costs | Revenue-rich organizations | ↓ More n-days faster = lower access cost |
| E | Chaotic / anti-economic | Visibility × political impact (non-monetary) | Symbolic / high-profile | ↔ Social engineering bypasses exploit economics |
| F | Commercial surveillance vendors | License fee × customers × contract duration | T1 mobile (journalist/activist targets) | ↑ AI finds bugs but can't replace chain maintenance; legal costs rising |
| G | Defensive intelligence (ZDI, TAG, etc.) | Customers protected × severity × speed advantage | All tiers (broadest coverage = most value) | ↑ AI amplifies both discovery and signature generation |
Part 19 Red Team: Stress-Testing the Framework (32 Agents)
Parts 19–20: Honest Assessment. Every framework has blind spots. Rather than pretend this one doesn't, we subjected it to adversarial analysis and adjusted the predictions accordingly.
This framework was stress-tested by 32 parallel AI agents — 8 engineers, 8 architects, 8 pentesters, and 8 interns — each with a distinct analytical lens. What follows is the synthesis: the strongest case for the framework, the strongest case against it, and the insights that surprised us.
The Steelman — Strongest Case For This Framework
- Chain complexity increasing from 3 to 5+ components is empirically measured, vendor-confirmed, and architecturally irreversible.
- Maintenance cost now dominates exploitation economics — every practitioner with direct market experience independently confirms this.
- N-day weaponization collapsing to hours is the hardest data point, supported by multiple independent measurement sources.
- Memory-safe language adoption is a one-way door: you cannot un-ship Rust kernel modules or rewrite Chromium's Rust components back into C++.
- Government buyers face operational mandates that prevent substitution away from premium 0day capabilities regardless of price.
- The premium on human creativity grows because AI excels at pattern-matching but cannot yet discover architectural novelty.
- The Rust supply scissors — fewer memory corruption bugs plus longer chains — creates a genuine Nash equilibrium shift.
- The offensive-defensive price divergence reflects two fundamentally different products sold to different buyers for different purposes.
The Counter-Argument — What the Framework Gets Wrong
- False precision on opaque data. The ~44% inflation figure extrapolates from broker marketing catalogs, not transaction data. Predicting from Zerodium's published price list is like forecasting the housing market from Zillow Zestimates.
- Compound math breaks it. 44% annual compound inflation is 6.2× in five years and 38× in ten: the page's own $7M iOS chain becomes roughly $43M and $270M. Those numbers exceed every government procurement budget, guaranteeing a substitution breakpoint the model ignores.
- The De Beers problem. The diamond market maintained artificial price tiers for decades through supply control, then collapsed within a single decade when synthetic diamonds democratized. AI-assisted chain discovery is the synthetic diamond of vulnerability markets.
- Bug bounty data contradicts. Observable bug bounty payout data directly contradicts the AI deflation thesis: Google, Apple, and HackerOne payouts are all rising year-over-year through 2025, not falling.
- The erased middle. The "two-tier" framing erases the fat middle — domain-specific logic bugs that are neither trivially automatable nor elite-tier — where most economic activity and most real-world breaches actually occur.
- No shock model. The framework has zero model for cascade events: a single Vault 7-style leak cascades an entire T1 inventory into the n-day pool overnight, simultaneously destroying offensive investment value and supercharging criminal exploitation.
- Self-defeating talent loop. Talent migration from deflating bounties to inflating offensive markets depletes the defensive research pipeline, expanding the attack surface that makes 0days viable — a feedback loop the model treats as two independent markets.
- No historical precedent for permanence. No security market in history has bifurcated permanently — antivirus, pentesting, and encryption all showed decade-scale phase transitions before reconverging.
Additional Insights from the Red Team
"The 0day market is not a market at all but a collection of power relationships where pricing reflects leverage, classification authority, and legal threat — not supply, demand, or technical merit."
"The 'human premium' is really a human secrecy premium. Humans can be trusted to keep secrets, sign NDAs, and face prison for violations. AI cannot be deposed, threatened with extradition, or have its passport revoked. The premium is about coercibility and accountability, not cognitive superiority."
"Bug bounty was never primarily about finding bugs. It is a liability transfer mechanism and a compliance checkbox. Companies pay for the program's existence, not the bugs it finds. The price floor is set by SOC 2 compliance value, not the marginal cost of finding the next XSS."
"Chain construction is combinatorial search with binary feedback — exactly AI's forte. The 'human creativity premium' is a comforting narrative for exploit developers who want to believe they are artisans. The search space is enumerable, and the feedback signal is perfectly binary. That is AI's dream problem."
"Both tiers collapse simultaneously if a major platform ships a formally verified microkernel. Premium collapses because chain complexity drops to 1-2. Commodity collapses upward because only logic bugs remain. Result: a single tier of moderately expensive logic bugs."
Verdict: The directional forces are real — offensive prices rising, commodity discovery getting cheaper — but the framework mistakes a phase transition for an equilibrium. It overfits to a specific inflation rate from opaque data and ignores the second-order dynamics that will reshape the trajectory within 3-5 years in ways the current model cannot predict.
Part 20 Price Trajectory Predictions (Red Team-Adjusted)
| Market Segment | Framework Prediction | Red Team Adjustment |
|---|---|---|
| T1 0day (iOS/Android full chain) | ~44%/yr inflation indefinitely | 15-25%/yr for 3-5 years, then demand ceiling triggers substitution to supply chain attacks, social engineering, and hardware implants |
| T2-T3 0day (enterprise, VPN, browser) | Moderate inflation | Flat to slight increase — the "fat middle" is undermodeled and is where most market activity actually lives |
| Bug bounty (commodity) | Deflation from AI | Stable to slight increase for 2-3 years (the deflation prediction contradicts observable payout data), then possible AI-driven compression at the low end only |
| Bug bounty (premium/critical) | Premium increases | Agree — human creativity premium is real but has 3-5 year shelf life before AI chain discovery matures |
| N-day market | Operationally equivalent to 0day for most attackers | Strongest agreement — this is the most disruptive force and the most underappreciated by current pricing models |
| Criminal / ransomware | Shift to n-day reliance | Agree — already happening, accelerating. Identity-driven groups (prestige) will maintain irrational 0day investment |
The Three-Horizon View
Near Term (2026-2028)
Current trends continue. T1 prices inflate 15-25%/yr. N-day becomes the default for Model B/D. Bug bounty payouts remain stable (compliance floor holds). AI augments but doesn't replace human researchers. The market appears to bifurcate.
Medium Term (2028-2031)
Substitution effects kick in. T1 buyers diversify toward supply chain, social engineering, and insider access as 0day prices exceed ROI thresholds. AI begins finding novel vulnerability classes (chain construction as search problem). Bug bounty's low-end compresses; premium segment holds. The "fat middle" becomes the primary battleground.
Far Term (2031-2036)
Phase transition completes. Memory-safe language adoption reaches critical mass in new code. 0day prices stabilize or decline as AI chain discovery matures. The market reconverges around a new equilibrium — not the original single market, but not a clean binary either. Logic bugs, architectural flaws, and human-factor attacks define the landscape. The framework needs to be rewritten.
The honest conclusion: This framework describes the present accurately and the near-term plausibly. Beyond 3-5 years, the model's assumptions degrade faster than the exploits it describes. The mechanisms — maintenance cost dominance, chain complexity, n-day collapse, memory-safe language adoption — are durable insights. The specific numbers are useful fictions with a short shelf life. Treat them accordingly.