What Is a Bug Worth?

2026 Revised Edition — Vulnerabilities as Wasting Options on Access

  • Severity is not value. Value depends on conversion, maintenance, timing, and buyer model.
  • Markets rarely buy "bugs" directly; they buy exploitability, access, or defensive advantage.
  • A vulnerability behaves like a wasting option on access: its value decays as exposure, patching, and detection catch up.
  • The same defect can be worth almost nothing, or millions, depending on who can operationalize it.

This revision asks a narrower and more defensible question than the original: not what is the one true price of a bug? but how does a defect become economically valuable to a specific kind of buyer? The answer depends on what is being priced, who is buying, what substitutes they have, and how long the capability can be maintained.

Adapted from Mark Dowd's OffensiveCon 2022 keynote, Risky Biz HF13 interview, and 2026 zero-day marketplace interview.
Revised April 24, 2026 with the 2026 Dowd interview — AI's effect on exploit lifetime, expert advantage, and effect-based buying.

Part 1: The Decision Tree

Start here. Before assigning a dollar value, a vulnerability must pass through a series of gates. The first question isn't "how much?" — it's "is this real?" Most bugs gate out early. The ones that survive are worth pricing.

Do you have a vulnerability?
Is this actually exploitable?

Many bugs are theoretical. If you can't demonstrate impact, you have a report, not an exploit. Gate out here — value is near zero.

↓ Yes
Is this maintainable?

Dowd's critical insight: an exploit you can't maintain is a depreciating asset on a timer. If the maintenance cost exceeds the value window, it's not worth developing.

↓ Yes
Who is the buyer?

Bug Bounty

Vendor-set price ceiling. Fastest payout, lowest value. Public disclosure timeline. No maintenance needed.

Government / Offensive

Highest individual prices. Exclusivity required. Maintenance obligations. Geographic restrictions. Longest sales cycle.

Broker / Intermediary

Market-rate pricing. Zerodium, Crowdfense models. Broker handles buyer matching. Commission cut. Fast payment.

Defensive / Vendor

Reputation value. CVE credit. Conference talks. Consulting leverage. Non-monetary or low monetary value.

Part 2: What Is Actually Being Priced?

The phrase "what is a bug worth?" hides a category error. Markets do not consistently buy the same thing. Sometimes they buy a defect report. Sometimes they buy a validated exploit primitive. Sometimes they buy a full chain. Sometimes they buy durable access. Treating those as interchangeable creates false precision.

| Object | Definition | Typical Buyer Question |
|---|---|---|
| Defect value | The raw vulnerability before chaining or operationalization | "Is this real, novel, and fix-worthy?" |
| Exploit value | A validated primitive that produces useful control or disclosure | "Can this be reproduced reliably?" |
| Chain value | An end-to-end capability that reaches an objective | "Does this achieve code execution, persistence, or compromise?" |
| Access value | The operational foothold a downstream buyer can actually use | "Can I turn this into an operation or a defensive product?" |

The core claim of this revised paper is that vulnerability markets are really conversion markets. They reward whoever can turn a defect into access, or into a defensive advantage, under time pressure and operational constraints.

Part 3: Evidence and Uncertainty

This paper mixes official program data, vendor announcements, intelligence reporting, broker marketing, and first-principles inference. Those are not equally strong forms of evidence. The framework is most useful when readers can see which claims are observable and which are interpretive.

| Evidence Type | Meaning | Examples in This Paper |
|---|---|---|
| Observable | Directly published by official program or vendor source | Apple bounty maxima, Google and Microsoft yearly payout totals |
| Reported | Claim made by a market participant or threat-intel source | Broker pricing, campaign attributions, CSV activity |
| Inferred | Conclusion drawn from multiple sources and mechanisms | Substitution effects, buyer behavior, maintenance burden by model |
| Speculative | Plausible scenario not yet established as durable fact | Long-run AI equilibrium, permanent market bifurcation |

Interpretation rule: treat the formulas and worked examples below as heuristic decision tools, not market-clearing price engines.

Part 4: Valuation Factors

Parts 4–7 are reference material. They define the inputs to the heuristic model. Skim these on first read, then come back when you're working through the examples and buyer models.

Each factor modifies the base value of a vulnerability. They're multiplicative — a weakness in any single dimension dramatically reduces total value.

| Factor | Range | Description |
|---|---|---|
| R (Reliability) | 0.1 – 1.0 | Probability of successful exploitation per attempt. 1.0 = 100% reliable. |
| C (Chain Completeness) | 0.2 – 1.0 | 1.0 = full chain (entry to objective). 0.2 = single primitive requiring other bugs. |
| I (Interaction) | 0.3 – 1.0 | 1.0 = zero-click. 0.7 = one-click. 0.3 = complex user interaction required. |
| P (Persistence) | 0.4 – 1.0 | 1.0 = survives reboot, full persistence. 0.4 = session-only, volatile. |
| D (Detection Risk) | 0.3 – 1.0 | 1.0 = undetectable. 0.3 = high detection probability (noisy, logged, monitored). |
| M (Maintenance Cost) | 0.2 – 1.0 | 1.0 = no maintenance needed. 0.2 = constant re-engineering with each patch cycle. |
| S (Shelf Life) | 0.1 – 1.0 | 1.0 = years before likely patch. 0.1 = actively being investigated, patch imminent. |
| Sc (Scarcity) | 0.5 – 3.0 | Supply-side multiplier. 3.0 = nobody else has this. 0.5 = common bug class on common target. |
| E (Exclusivity) | 0.3 – 1.5 | 1.5 = exclusive sale, buyer gets monopoly. 0.3 = non-exclusive, others may have it. |
| G (Geographic Demand) | 0.5 – 2.0 | Jurisdictional multiplier. 2.0 = target aligns with buyer's strategic priorities. |
| N (Novelty) | 1.0 – 3.0 | First-of-kind exploitation technique bonus. 1.0 = known class. 3.0 = new attack surface. |
| A (Asymmetry) | 1.0 – 5.0 | Ratio of effort to find vs effort to fix. Higher = harder to fix = more valuable. |

Part 5: A Heuristic Valuation Model

This model is a structured way to compare scenarios, not a claim that opaque exploit markets can be priced with engineering precision. It estimates value bands by combining what the capability is, who wants it, and how quickly it decays.

V(t) = B_target × B_class × R × C × I × P × D × (M × S) × Sc × E × G × N × A × e^(−λt)

| Term | Meaning |
|---|---|
| V(t) | Estimated scenario value at time t after discovery (best read as a range, not a point price) |
| B_target | Base value from target platform tier (see Target Tiers table) |
| B_class | Base value from bug class severity (see Bug Classes table) |
| R, C, I, P, D | Technical quality factors (reliability, chain, interaction, persistence, detection) |
| M × S | Maintainability group: maintenance cost × shelf life. These are coupled: low maintenance only matters if shelf life is long. |
| Sc, E, G | Market factors (scarcity, exclusivity, geographic demand) |
| N, A | Bonus multipliers (novelty, asymmetry) |
| e^(−λt) | Time-decay function. λ varies by target: mobile ≈ 0.05/month, desktop ≈ 0.03/month, IoT ≈ 0.01/month |

The useful distinction is between base value (what the capability is), conversion cost (what it takes to make it operational), and buyer-specific premium (who can actually use it). A Chrome zero-click RCE may have high base value; whether it is worth thousands, millions, or mainly defensive prestige depends on the buyer model.

Confidence note: the technical factors are often estimable. The market multipliers are often not. When in doubt, widen the range.

Part 6: Target Platform Tiers

Not all targets are equal. A bug in iOS is worth orders of magnitude more than the same class of bug in a WordPress plugin — because the target is harder, the user base is larger, and the security investment is deeper.

| Tier | B_target | Examples | Rationale |
|---|---|---|---|
| T1 | $1M – $9M | iOS, Android (Pixel/Samsung), Chrome, Safari, Windows kernel | Billions of users, hardened targets, massive security investment |
| T2 | $100K – $500K | macOS, Linux kernel, Edge, Firefox, Exchange, Signal | Large user bases, active security programs, regular patching |
| T3 | $25K – $100K | Enterprise SaaS (Salesforce, O365), VPN appliances, routers | High-value corporate targets, mixed patching discipline |
| T4 | $5K – $25K | WordPress, CMS platforms, smart home, consumer IoT | Large attack surface, low security investment, slow patching |
| T5 | $1K – $5K | Legacy SCADA/ICS, EOL devices, niche embedded systems | Small deployment base but potentially critical infrastructure |

Note: IoT and ICS targets can jump tiers when deployed in critical infrastructure. A $20 smart plug is T4; the same firmware in a power grid relay is T1-T2.

Part 7: Bug Class Severity

What type of bug is it? A memory corruption vulnerability that gives you code execution is the gold standard. An information disclosure is useful but limited. The class determines the base multiplier.

| Class | B_class | Examples |
|---|---|---|
| Memory Corruption (RCE) | 1.0 | Use-after-free, heap overflow, type confusion → code execution |
| Logic (Auth Bypass) | 0.8 | Authentication bypass, privilege escalation via logic flaw |
| Cryptographic | 0.7 | Weak key generation, padding oracle, protocol downgrade |
| Side-Channel | 0.6 | Timing attacks, cache-based leaks, speculative execution |
| Authentication / Session | 0.5 | Session fixation, token prediction, credential leakage |
| Information Disclosure | 0.3 | Memory leaks, path traversal reads, SSRF to internal data |
| Denial of Service | 0.1 | Crash bugs, resource exhaustion, amplification |

Part 8: Insights from Mark Dowd

This is the most important section in the document. The formula gives you a number. Dowd's insights give you the reasoning behind that number — and explain why most people get capability valuation wrong by treating defect, exploit, chain, and access as if they were interchangeable.

Mark Dowd — co-author of The Art of Software Security Assessment, founder of Azimuth Security, and one of the most accomplished vulnerability researchers alive — delivered the key pieces of analysis that underpin this framework across his OffensiveCon 2022 keynote, BlueHat 2023 presentation, Risky Business HF13 interview, and a 2026 podcast interview on the zero-day exploit marketplace.

"People dramatically underestimate maintenance cost. You find a bug, you write an exploit, and now you're on a treadmill. Every patch Tuesday, every point release, you're checking: did they break it? Did they change the heap layout? Did they add a mitigation? That cost is ongoing and it compounds."

— OffensiveCon 2022 Keynote (paraphrased)

"Stockpiling in the traditional sense — hoarding dozens of exploits against the same target — is irrational for a Five Eyes-style buyer. Mitigations don't kill one bug; they kill entire classes. One ASLR improvement, one sandbox hardening, and your entire stockpile for that target is degraded simultaneously."

— Risky Business HF13 Interview (paraphrased)

"We're approaching an inflection point where, for hardened targets, it's getting harder to hack than to secure. The cost curve is crossing. That doesn't mean bugs stop existing — it means the economics flip. Finding becomes more expensive, maintaining becomes more expensive, and the buyer needs to pay for all of it."

— OffensiveCon 2022 Keynote (paraphrased)

"The detection environment has fundamentally changed. It's not just about whether your exploit works — it's about whether using it gets you caught. Attribution capability is a tax on every operation, and it increases the effective cost of deployment."

— Risky Business HF13 Interview (paraphrased)

2026 Update: AI, Expected Lifetime, and Effect-Based Buying

In a 2026 podcast interview on the zero-day exploit marketplace, Dowd extended the framework into the AI era. The 2022 maintenance-cost lens still holds, but AI compresses the time axis on both sides — researcher and vendor — and the customer is increasingly buying an operational effect, not a capability artifact. Four points are worth quoting in full.

"People who have a very in-depth technical knowledge of certain platforms or code bases have an advantage with AI acting more as a force multiplier for them than [for] someone else. They have already a good intuition of exactly where to look and the right questions to ask the LLM. If you have an LLM hypothesize about vulnerabilities in a particular code base, all of it sounds pretty plausible — and an experienced person can go: I know that's not a thing. Let's spend our time on this."

— 2026 Zero-Day Marketplace Interview (paraphrased)

"This will certainly change the economics of the vulnerability marketplace. Vulnerabilities themselves become less valuable in and of themselves. Provable and exploitable ones will retain a high value, but they might lose value or undergo some kind of product change based on the fact that the expectation of them lasting for any length of time will probably drop."

— 2026 Zero-Day Marketplace Interview (paraphrased)

"The vendors have access to the same technology and in general dramatically more compute, not to mention potentially exclusive access to [vendor-side AI tooling]. They have the ability to find the vulnerabilities that other people are finding at scale and to improve the throughput of their patching. As the cost of development goes towards zero, it's not that difficult for them to re-architect significant blocks of not just the vulnerable code but their patching infrastructure. Things that before were a two-year effort — they can iterate quickly on now."

— 2026 Zero-Day Marketplace Interview (paraphrased)

"The consumers of these products from a certain standpoint don't actually care about exploits, and they also don't care about the complexity of them. They're trying to achieve an effect. If a shell script did it, that would be great — we'll pay for it. So they start looking at: how do we achieve what we need to achieve? Can we live with less? Do we need a full team?"

— 2026 Zero-Day Marketplace Interview (paraphrased)

Two structural observations also worth flagging from the same interview, even though they don't get full quote treatment here. First, the market is bifurcating: a high-touch tier still serves a few customers paying top dollar for full chains (NSO-style), while a high-volume tier — Grayshift was Dowd's example — sells a "button" to a much larger pool of less technically sophisticated buyers at far lower price points. Second, mitigations are deployed conservatively at first ("turned down fairly low") and tightened over time, so early-life bypasses against a new mitigation are not the same evidence as late-life bypasses; class-kill durability should be assessed post-soak, not at launch.

Key Economic Principles (Derived from Dowd)

| Principle | Implication |
|---|---|
| Maintenance cost is the hidden variable | An exploit path's TCO is discovery + development + ongoing maintenance. Most valuations only count the first two. |
| Mitigations kill classes, not instances | Stockpiling multiple exploit paths built on the same target class and mitigation assumptions is building on sand. |
| Detection changes value retroactively | A burned exploit isn't just worthless — it's negative value (attribution, diplomatic cost, capability exposure). |
| The cost curve is crossing | For T1 targets, the asymmetry is shifting toward defenders. This increases 0day prices but decreases ROI. |
| Effort to find vs effort to fix (asymmetry) | Capabilities rooted in flaws that require architectural change (not just a patch) command a premium because they persist longer. |
| AI shortens expected lifetime (2026) | Provable, exploitable bugs retain high value. The rest lose value because expected dwell time before a vendor finds and patches them is dropping. Net: NPV of any non-provable exploit asset compresses. |
| AI is asymmetric toward experts at the high end (2026) | Democratization is real at the bottom of the market. At T1 targets, expert-plus-AI dominates AI alone — an experienced researcher knows which LLM hypotheses are plausible and which are nonsense. The gap widens, it doesn't close. |
| Buyers pay for effects, not exploits (2026) | Capability valuation must be benchmarked against the cheapest substitutable means of producing the same operational effect — cloud abuse, identity theft, SS7, social engineering, even a shell script. The exploit is a means, not the product. |
| Defender re-architecture is now cheap (2026) | Vendors can rewrite patching infrastructure and code paths in weeks, not years. Class kills accelerate because the cost of shipping the kill collapses too — not just the cost of finding what to kill. |
| Mitigation soak-period dynamic (2026) | New mitigations ship conservatively to protect user experience, get bypassed loudly, then tighten. Early-life bypasses are not steady-state evidence. Assess class-kill durability after the soak period, not at launch. |

Part 9: Same Capability, Different Markets

Here's where the framework gets practical. The same technical capability package can have radically different value depending on who's buying. This table illustrates the gap using a hypothetical iOS zero-click chain that reaches a real operational objective.

| Market | Estimated Value | Evidence Quality | Obligations |
|---|---|---|---|
| Apple Bug Bounty | $500K – $2M | Observable | Disclosure to vendor. Public credit optional. |
| Broker (Zerodium/Crowdfense) | $2.5M – $9M | Reported / marketing | Exclusivity period. No disclosure. Treat published broker prices as asking signals, not transaction datasets. |
| Government Direct (Five Eyes) | $3M – $20M | Mostly inferred | Exclusivity. Maintenance contract. Security clearance may be required. |
| Defensive / Conference | $0 – $50K | Mixed | Responsible disclosure. CVE coordination. Talk submission. |

These ranges are illustrative. Public bounty ceilings are observable; broker and government numbers are less reliable and should be treated as directional, not definitive. Read them as prices for differently packaged outcomes — disclosure, exclusivity, or durable access — not as a universal sticker price for one raw vulnerability.

Part 10: Worked Examples

Theory is nice. Let's run the numbers. This section now starts with offensive procurement and weaponization, because that is where the pricing question is sharpest. The contrast cases at the end show what happens when the same broad class of capability is routed into bounty, disclosure, or defender urgency instead.

Example A: Offensive Market Path — Android Zero-Click RCE

A zero-click RCE in Android's messaging stack affecting Pixel and Samsung devices, achieving persistent implant. Sold through a broker to a government buyer.

Btarget = $1,500K (T1 — Android, top devices)
Bclass = 1.0 (memory corruption, full RCE)
R = 0.85 (reliable but ASLR means ~85% first-try success)
C = 1.0 (full chain — entry to persistent implant)
I = 1.0 (zero-click)
P = 0.9 (survives reboot via system service persistence)
D = 0.7 (some EDR risk on managed enterprise devices)
M = 0.5 (monthly Android patches require constant re-testing)
S = 0.4 (Android patches monthly — expected life ~4-6 months)
Sc = 2.5 (very few researchers find full Android chains)
E = 1.5 (exclusive sale to single buyer)
G = 1.5 (Middle East/APAC government demand for Android targets)
N = 1.5 (novel entry point via messaging stack)
A = 3.0 (fix requires architectural messaging redesign)
t = 0
V(0) = $1,500,000 × 1.0 × 0.85 × 1.0 × 1.0 × 0.9 × 0.7 × (0.5 × 0.4) × 2.5 × 1.5 × 1.5 × 1.5 × 3.0
V(0) = $1,500,000 × 0.85 × 0.9 × 0.7 × 0.2 × 2.5 × 1.5 × 1.5 × 1.5 × 3.0
V(0) ≈ $2,170,000
≈ $2.0M – $2.5M

Reality check: Zerodium's published price for Android full chain + persistence is $2.5M. Crowdfense has offered up to $3M. The formula's output is in the right ballpark. Note how the maintenance × shelf life group (M × S = 0.2) significantly drags down value — this is Dowd's key insight in action.
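The Part 5 formula applied to Example A's inputs, with a range check against the Part 4 factor table and the forward decay projection that Part 11 describes in prose. This is an added example, not code from the paper; the `Capability` class, the `target_kind` key, and the projection months are assumptions of this illustration.

```python
"""Heuristic capability valuation (Part 5) applied to Example A.

Added example, not part of the original paper: it implements the V(t)
product with the paper's factor ranges and time-decay constants, rejects
factors outside their Part 4 range, and projects the value forward in time.
"""
import math
from dataclasses import dataclass

# Part 4 factor ranges: name -> (min, max).
FACTOR_RANGES = {
    "R": (0.1, 1.0),   # reliability
    "C": (0.2, 1.0),   # chain completeness
    "I": (0.3, 1.0),   # interaction
    "P": (0.4, 1.0),   # persistence
    "D": (0.3, 1.0),   # detection risk
    "M": (0.2, 1.0),   # maintenance cost
    "S": (0.1, 1.0),   # shelf life
    "Sc": (0.5, 3.0),  # scarcity
    "E": (0.3, 1.5),   # exclusivity
    "G": (0.5, 2.0),   # geographic demand
    "N": (1.0, 3.0),   # novelty
    "A": (1.0, 5.0),   # asymmetry
}

# Part 5 decay constants (lambda), per month, by target family.
DECAY_PER_MONTH = {"mobile": 0.05, "desktop": 0.03, "iot": 0.01}


@dataclass(frozen=True)
class Capability:
    """One priced capability: base values, the twelve factors, decay family."""
    b_target: float   # base value from the Part 6 tier table
    b_class: float    # base multiplier from the Part 7 class table
    factors: dict     # the twelve Part 4 factors, keyed by symbol
    target_kind: str  # assumed key into DECAY_PER_MONTH

    def __post_init__(self) -> None:
        missing = set(FACTOR_RANGES) - set(self.factors)
        if missing:
            raise ValueError(f"missing factors: {sorted(missing)}")
        for name, (lo, hi) in FACTOR_RANGES.items():
            v = self.factors[name]
            if not lo <= v <= hi:
                raise ValueError(f"{name}={v} outside [{lo}, {hi}]")
        if self.target_kind not in DECAY_PER_MONTH:
            raise ValueError(f"unknown target kind {self.target_kind!r}")

    def maintainability(self) -> float:
        """The coupled M x S group that the paper singles out."""
        return self.factors["M"] * self.factors["S"]

    def value(self, t_months: float) -> float:
        """V(t) = B_target * B_class * R*C*I*P*D * (M*S) * Sc*E*G * N*A * e^(-lambda t)."""
        f = self.factors
        product = self.b_target * self.b_class
        for name in ("R", "C", "I", "P", "D"):
            product *= f[name]
        product *= self.maintainability()
        for name in ("Sc", "E", "G", "N", "A"):
            product *= f[name]
        lam = DECAY_PER_MONTH[self.target_kind]
        return product * math.exp(-lam * t_months)

    def half_life_months(self) -> float:
        """Months until decay alone halves the value: ln 2 / lambda."""
        return math.log(2) / DECAY_PER_MONTH[self.target_kind]

    def months_until_below(self, floor: float) -> float:
        """Months until V(t) falls below `floor` (0 if it already is)."""
        v0 = self.value(0.0)
        if v0 <= floor:
            return 0.0
        return math.log(v0 / floor) / DECAY_PER_MONTH[self.target_kind]


# Example A inputs exactly as listed in Part 10 (Android zero-click chain, T1).
EXAMPLE_A = Capability(
    b_target=1_500_000, b_class=1.0, target_kind="mobile",
    factors={"R": 0.85, "C": 1.0, "I": 1.0, "P": 0.9, "D": 0.7,
             "M": 0.5, "S": 0.4, "Sc": 2.5, "E": 1.5, "G": 1.5,
             "N": 1.5, "A": 3.0},
)


def projection(cap: Capability, months=(0, 3, 6, 12)) -> dict:
    """Value at each month, rounded to the nearest thousand dollars."""
    return {m: round(cap.value(m), -3) for m in months}


if __name__ == "__main__":
    for m, v in projection(EXAMPLE_A).items():
        print(f"t={m:>2} months  V ~ ${v:,.0f}")
    print(f"M x S group: {EXAMPLE_A.maintainability():.2f}")
    print(f"decay half-life: {EXAMPLE_A.half_life_months():.1f} months")
    print(f"months until below $1M: {EXAMPLE_A.months_until_below(1_000_000):.1f}")
```

The product is computed directly from the listed factors, so it can be compared against the hand-worked line above; substituting M = 1.0 or S = 1.0 shows how much of the scenario's value the maintainability group removes.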

Observed Offensive Procurement

Public evidence for offensive procurement is much thinner than bounty evidence. Completed deals rarely come with invoices and press releases. The clearest examples usually come from broker announcements, leaked negotiation records, or court and sanctions documents.

Example B: Offensive Broker Purchase — Zerodium's $1M iOS 9 Remote Jailbreak

In November 2015, Zerodium announced that one team had won its $1M contest for a browser-based, remote, untethered iOS 9 jailbreak. The key point is not the marketing headline. The key point is that the exploit was acquired exclusively and then held for sale to Zerodium's government and corporate customers rather than disclosed to Apple.

Observed offensive procurement: $1,000,000

Interpretation: this is one of the cleanest public examples of a vulnerability chain being procured explicitly for weaponization and resale, not for defense or disclosure. It is also a useful reminder that what gets bought is usually not "a bug" but a reliable, remote, operational chain.

Sources: MacRumors report on Zerodium's announced $1M payout; follow-up noting Zerodium had paid the $1M award.

Example C: Offensive Integrator Purchase — Hacking Team's Exploit Procurement

The Hacking Team leak exposed a more ordinary and therefore more revealing market. Wired reported that Hacking Team bought zero-days to install its RCS spyware for government customers, including a successful $45,000 Flash exploit sale, a one-year $60,000 contract with researcher Eugene Ching, and a later $20,000 exploit bonus. The amounts are smaller than Zerodium's flagship headlines, but the mechanism is arguably more representative: steady procurement of exploitable components for an offensive platform.

Observed offensive procurement: $45,000 exploit sale; $60,000 contract + $20,000 bonus

Interpretation: this is the best public illustration of the "middle layer" offensive market. Not every procured exploit is a $1M mobile chain. Some are integrated components bought on contract, priced around how quickly they can be turned into working intrusion capability for downstream government clients.

Sources: Wired on Hacking Team's exploit procurement; Wired on the documented $45,000 Flash exploit sale.

Example D: Broker-to-State Procurement — Operation Zero and Stolen U.S. Cyber Tools

On October 29, 2025, the U.S. Department of Justice said Peter Williams sold at least eight protected cyber-exploit components to a Russian broker through multiple written contracts that included initial payment and ongoing support. On February 24, 2026, Treasury said Operation Zero had acquired those tools, offered rewards for exploits targeting U.S.-built software, and then sold the stolen tools onward. This is the strongest recent public evidence of exploit procurement for weaponization because it appears in official legal and sanctions records rather than market rumor.

Observed offensive procurement: at least eight exploit components; millions in cryptocurrency; follow-on support contracts

Interpretation: the important economic detail is not the exact price per component or exploitable defect, which remains undisclosed. It is the contract structure: initial acquisition plus support. That is exactly what you would expect if the real product being bought is durable offensive capability, not mere vulnerability knowledge.

Sources: DOJ plea announcement, October 29, 2025; Treasury sanctions notice, February 24, 2026.

Contrast Cases: Bounty, Disclosure, and Defender Urgency

These examples matter because they show where value goes when the same broad capability is routed away from exclusivity. In each case, the underlying defect or exploit primitive still matters, but the buyer, the use case, and the pricing logic are different.

Example E: Premium Bounty Path — Chrome MiraclePtr Bypass

Google's March 7, 2025 VRP review reported that Chrome paid 137 researchers $3.4M in 2024, with the highest single reward at $100,115 for a MiraclePtr bypass. This is a useful contrast case: clearly valuable, clearly exploitable, but still far below the price of an exclusive top-end offensive chain.

Observed public price point: $100,115

Interpretation: this is the upper end of the bounty market for a browser-adjacent primitive. It shows how much price is lost once the capability is routed into disclosure rather than retained as exclusive access.

Sources: Google VRP: 2024 in Review.

Example F: Fat-Middle Path — Microsoft Identity Authentication + MFA Bypass

Microsoft's Identity Bounty publishes a payout table rather than a single sale. As of April 22, 2026, qualified submissions range from $750 to $100,000, with authentication plus multi-factor-authentication bypass eligible for up to $100,000. This is the clearest public example of the paper's fat middle: not commodity web noise, not a $2M mobile chain, but still obviously strategic.

Observed public ceiling: up to $100,000

Interpretation: identity, federation, and trust-boundary bugs can command six-figure pricing because they collapse directly into access. They are often operationally closer to "access arbitrage" than to classic memory-corruption prestige targets.

Sources: Microsoft Identity Bounty.

Example G: N-Day Path — SharePoint ToolShell (CVE-2025-53770)

On July 19, 2025, Microsoft published customer guidance for active exploitation of SharePoint vulnerability CVE-2025-53770. On July 20, 2025, CISA added it to the Known Exploited Vulnerabilities catalog. This is not a premium 0day pricing example. It is a transition example: once public exploitation begins, value rapidly migrates from exclusivity to patch-lag and mass operational utility.

Observed signal: 0day exclusivity collapses; n-day operational demand spikes immediately

Interpretation: the price of exclusivity falls sharply at disclosure, but the value of access does not vanish. For enterprise software with slow patching and broad deployment, the relevant market can shift in 24 hours from "who has the 0day?" to "who can weaponize the n-day first and who can defend against it fastest?"

Sources: MSRC guidance, July 19, 2025; CISA KEV addition, July 20, 2025.

Example H: Bug Bounty Path — WordPress Plugin SQLi

A SQL injection in a popular WordPress plugin (10M+ installs) allowing unauthenticated data extraction. Reported through the vendor's bug bounty program.

Btarget = $15K (T4 — WordPress ecosystem)
Bclass = 0.5 (auth-adjacent — SQLi leading to credential extraction)
R = 0.9 (highly reliable, standard SQLi)
C = 0.6 (data extraction only, no RCE)
I = 0.9 (unauthenticated, one HTTP request)
P = N/A (not applicable for bounty path)
D = N/A (not applicable — reporting, not operating)
M = 1.0 (no maintenance for bounty)
S = 0.8 (plugin slow to patch, but will eventually)
Sc = 0.7 (SQLi in WordPress plugins is not rare)
E = 0.3 (bounty = vendor knows, non-exclusive by nature)
G = 1.0 (universal target)
N = 1.0 (known class)
A = 1.5 (architectural — prepared statements require refactor)
t = 0 (reporting immediately)
V(0) = $15,000 × 0.5 × 0.9 × 0.6 × 0.9 × 1.0 × 0.8 × 0.7 × 0.3 × 1.0 × 1.0 × 1.5
V(0) = $15,000 × 0.5 × 0.9 × 0.6 × 0.9 × 0.8 × 0.7 × 0.3 × 1.5
V(0) ≈ $1,020
≈ $1,000 – $1,500

Reality check: Typical WordPress plugin bounties range $250 – $5,000. The formula produces a mid-range estimate consistent with market data. The low exclusivity factor (0.3) heavily discounts bounty-path value.

Part 11: Temporal Value Curve

A vulnerability's value isn't static. It follows a predictable lifecycle from discovery through eventual death. The decay rate (λ) depends on the target's patch cadence and the broader detection environment.

Value Over Bug Lifetime

[Chart: value over bug lifetime, with phases Discovery, Dev, Peak, Sale, Deploy, Active, Aging, Decay, Patched, Dead]

| Phase | Value State | Duration (typical) |
|---|---|---|
| Discovery | Potential — unproven, no exploit | Hours – weeks |
| Development | Increasing — exploit being built and tested | Days – months |
| Peak | Maximum — reliable exploit, undisclosed, no detection | Days – weeks |
| Sale / Deployment | High — transferring to buyer, first operational use | Weeks |
| Active Use | Declining — each use increases detection risk | Weeks – months |
| Aging | Eroding — target patching, mitigations improving | Months |
| Decay | Low — likely detected or near-patched, maintenance expensive | Weeks |
| Death | Zero — patched, detected, or mitigation makes it inoperable | Permanent |

Part 12: The Stockpiling Revision

Parts 12–17: Buyer Models. The model above tells you how to think about value. These sections explain why different buyers rationally arrive at different answers.

Dowd's argument that stockpiling is irrational holds strongly for a boutique, high-maintenance offensive buyer. It weakens under a different set of assumptions: cheap targets, long patch lags, and value defined as aggregate access rather than exquisite single-chain capability.

Model A — Five Eyes Boutique

Quality Over Quantity

Small number of high-value, high-maintenance exploits targeting hardened T1 platforms. Each exploit is a precision instrument, maintained by a specialized team. Stockpiling is irrational because:

  • Maintenance costs compound per-exploit
  • Class-kill mitigations wipe stockpiles
  • Detection of one can burn operational patterns
  • Small teams can't maintain dozens of chains

ROI = V_intel / (C_find + C_dev + C_maintain × t)

High V_intel, high C_maintain — works only with few, carefully chosen targets.

Model B — PRC-Style Volume Collection

Quantity at Scale

Large volumes of cheaper capabilities against T3-T5 targets can make stockpiling rational. PRC regulation and observed China-nexus campaigns suggest this style of economics, but the internal structure of the state buyer remains partly inferred rather than directly visible.

  • Target maintenance cost is near-zero (unpatched devices)
  • Bugs in legacy targets survive years without maintenance
  • Volume compensates for individual burn risk
  • Strategic pre-positioning values access, not individual exploits
  • State-scale teams can maintain hundreds of capabilities

V_strategic = Σ_i (access_i × position_i) × duration

Value = aggregate access × strategic positioning × time held. Individual bug value is irrelevant.

Volt Typhoon, Salt Typhoon, and Flax Typhoon are consistent with this model: routers, VPN appliances, and IoT edge devices become valuable less as individual bugs than as a distributed mesh of access. The strongest claim here is suggestive, not definitive: observed campaigns plus PRC vulnerability rules point toward a volume-collection logic.

The revision doesn't invalidate Dowd's insight — it contextualizes it. Stockpiling is irrational when maintenance costs are high and targets are hardened. It becomes rational when maintenance is near-zero, targets don't patch, and the value model is aggregate strategic access rather than individual exploit deployment.

Part 13: Model C: Initial Access Brokers (Extended)

Model C — Access Economy

Access as Product

This is the model that breaks the traditional "bug value" framing entirely. Initial Access Brokers (IABs) don't sell exploits — they sell access. An RDP session, a VPN credential, a domain admin foothold. How they got in is irrelevant to the buyer. This makes IAB economics completely decoupled from exploit quality — a phished credential is worth the same as a zero-day-obtained foothold.

IAB Pricing Logic

IAB pricing follows revenue/sector tiers rather than technical exploit quality. Research from KELA and Cyjax shows consistent pricing bands:

| Access Type | Median Price | Range |
|---|---|---|
| RDP access (single host) | $500 | $100 – $2,000 |
| VPN credentials (corporate) | $1,500 | $500 – $5,000 |
| Web shell (admin panel) | $1,000 | $300 – $3,000 |
| Domain Admin access | $5,000 | $1,000 – $50,000 |
| Citrix/VDI access | $3,000 | $1,000 – $10,000 |

V_access = Rev_target × Depth × Freshness × Sector_premium

| Term | Meaning |
|---|---|
| Rev_target | Target company revenue tier — higher revenue = higher ransom ceiling for buyers |
| Depth | Level of access: user (0.3), local admin (0.6), domain admin (1.0) |
| Freshness | How recently validated: today (1.0), this week (0.8), this month (0.5) |
| Sector_premium | Healthcare/finance/legal = 1.5×. Education/non-profit = 0.5×. |

Key insight: IAB economics are completely decoupled from exploit quality. A phished VPN credential is worth the same as a zero-day-obtained foothold. The buyer doesn't care how you got in — just that you're in and they can use it.

Part 14. Model D: Ransomware Industrial (Extended)

Model D — Criminal Industrial

ROI-Driven Expected Value

Ransomware operations treat vulnerability exploitation as a business investment with calculable returns. The RaaS (Ransomware-as-a-Service) ecosystem has professionalized this to the point where operators think in terms of expected value per campaign, affiliate margins, and customer (victim) acquisition cost.

EV = (P_pay × R_avg × N_targets) − (C_access + C_infra + C_launder)
  • P_pay: probability of payment (~30-40% per Coveware/Chainalysis data)
  • R_avg: average ransom demand ($1.5M median in 2025 per Sophos)
  • N_targets: number of targets hit per campaign
  • C_access: cost of initial access (IAB purchase or exploit development)
  • C_infra: infrastructure cost (C2, hosting, leak sites)
  • C_launder: money laundering cost (~15-30% of proceeds via mixers)

Under the RaaS affiliate model, the affiliate who carries out the intrusion keeps roughly 70-80% of each ransom payment; the remainder goes to the RaaS operator who supplies the malware and platform. For a campaign hitting 10 targets with a 35% payment rate and a $1.5M average ransom:

EV = (0.35 × $1,500,000 × 10) − ($50,000 + $20,000 + $750,000)
EV = $5,250,000 − $820,000
EV = $4,430,000 (affiliate share at an 80% split: ~$3.5M)

This explains why ransomware groups will pay $50K+ for IAB access — the ROI is massive. It also explains why they rarely need 0days: the ROI on cheap access to unpatched targets far exceeds the ROI on expensive 0days against hardened ones.
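The campaign arithmetic above as an added worked example; this is not code from the original page. The formula and the sample figures (35% payment rate, $1.5M average ransom, 10 targets, $50K access, $20K infrastructure, $750K laundering) are the page's. The `breakeven_access_cost` and `min_payment_rate` helpers and the 80% affiliate split are illustrative assumptions added here to make the "$50K+ for IAB access" point explicit: they solve the EV equation for the access price and the payment rate at which the campaign stops paying for itself.

```python
"""Expected-value model for a RaaS campaign (Part 14, Model D).

Added worked example, not code from the original page. The EV formula and
the sample inputs are the page's; the break-even helpers and the 80%
affiliate split are illustrative assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Campaign:
    p_pay: float      # probability a given victim pays
    r_avg: float      # average ransom demand, USD
    n_targets: int    # victims hit in the campaign
    c_access: float   # initial access cost (IAB purchase or exploit development)
    c_infra: float    # C2, hosting, leak site
    c_launder: float  # laundering cost (mixers, OTC desks)

    def gross(self) -> float:
        """Expected gross ransom proceeds: P_pay x R_avg x N_targets."""
        return self.p_pay * self.r_avg * self.n_targets

    def costs(self) -> float:
        """C_access + C_infra + C_launder."""
        return self.c_access + self.c_infra + self.c_launder

    def ev(self) -> float:
        """EV = (P_pay x R_avg x N_targets) - (C_access + C_infra + C_launder)."""
        return self.gross() - self.costs()

    def affiliate_share(self, split: float = 0.8) -> float:
        """Affiliate take at the given split of EV (assumption: 80% by default)."""
        return split * self.ev()


def breakeven_access_cost(c: Campaign) -> float:
    """Largest C_access at which EV is still >= 0, holding the other costs fixed.

    Added helper: this is the most an affiliate could rationally pay an IAB
    for access into this campaign.
    """
    return c.gross() - c.c_infra - c.c_launder


def min_payment_rate(c: Campaign) -> float:
    """Smallest P_pay at which the campaign breaks even (added helper)."""
    return c.costs() / (c.r_avg * c.n_targets)


# The page's worked example: 10 targets, 35% payment rate, $1.5M average ransom.
PAGE_EXAMPLE = Campaign(p_pay=0.35, r_avg=1_500_000, n_targets=10,
                        c_access=50_000, c_infra=20_000, c_launder=750_000)

if __name__ == "__main__":
    c = PAGE_EXAMPLE
    print(f"gross proceeds          ${c.gross():,.0f}")
    print(f"costs                   ${c.costs():,.0f}")
    print(f"EV                      ${c.ev():,.0f}")
    print(f"affiliate share (80%)   ${c.affiliate_share():,.0f}")
    print(f"break-even access cost  ${breakeven_access_cost(c):,.0f}")
    print(f"minimum payment rate    {min_payment_rate(c):.1%}")
```

With the page's inputs the break-even access price is about $4.5M and the campaign stays profitable down to a payment rate near 5.5%, which is why a five-figure IAB invoice barely registers in the buyer's decision.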

Part 15. Model E: Chaotic & Anti-Economic Actors (Extended)

Model E — Chaos Economics

When the Framework Breaks

Everything above assumes attackers use vulnerabilities. These groups don't. Lapsus$, Scattered Spider, and hacktivist collectives achieved access to Microsoft, Nvidia, Uber, MGM, and Caesars — all T1 organizations — without a single 0day. They bypass exploit economics entirely, using social engineering, SIM swapping, and credential markets instead.

Primary Vectors (Non-Exploit)

Vector | Cost | Effectiveness
SIM swapping | $500 – $2,000 | Defeats SMS/voice-based MFA
Social engineering (helpdesk) | $0 (time only) | Targets the human layer (password and MFA resets)
Credential purchasing (logs) | $10 – $500 | Infostealer output on dark markets
Insider recruitment | $5,000 – $50,000 | Bypasses all technical controls
MFA fatigue/bombing | $0 | ~5-10% success rate per target

The lesson: your vulnerability economics framework is irrelevant if the attacker isn't using vulnerabilities. The cheapest vectors on this table — social engineering and credential markets — produced the highest-profile breaches of 2022-2024.

For hacktivists, the value function is entirely different: V = visibility × political impact. A defacement of a government website or a data leak from a controversial company has enormous value to the actor despite zero monetary return. This inverts the entire framework — the "bug" might be a publicly known CVE, but the impact value is determined by target symbolism, not technical sophistication.

Part 16. Model F: Commercial Surveillance Vendors (2026 Update)

Model F — Surveillance-as-a-Service

Amortized Exploitation at Scale

Commercial Surveillance Vendors (CSVs) — NSO Group, Intellexa, Paragon, Candiru, QuaDream — represent a fundamentally different economic model from any government buyer. Where Model A purchases a capability for exclusive use by a single agency, CSVs license the same capability to dozens of government customers simultaneously. This transforms the economics from a single transaction to a recurring revenue stream.

Google's Threat Intelligence Group tracked 8 zero-days attributed to CSVs in 2024 — more than any single nation-state. NSO Group is actively seeking US market re-entry with a 2026 transparency report, and American investors took controlling ownership in late 2025. At least 25 states adopted guidelines for responsible behavior around commercial cyber intrusion tools in April 2025, but enforcement remains minimal.

V_csv = (License_fee × N_customers × T_contract) − (C_find + C_maintain × t + C_legal)
  • License_fee: per-customer annual fee ($2-8M per government customer per year)
  • N_customers: number of concurrent government customers (NSO reportedly had 40+ at peak)
  • T_contract: contract duration (typically 1-3 year terms with renewal)
  • C_find: discovery cost, amortized across all customers, making the per-customer cost minimal
  • C_maintain: maintenance cost; a shared burden, but a chain burned by one customer burns it for all
  • C_legal: legal/regulatory cost (sanctions, lawsuits, export controls); increasingly the dominant cost center

Why This Is Distinct from Model A

Dimension | Model A (Five Eyes) | Model F (CSV)
Exclusivity | Single buyer, exclusive use | Multi-tenant, shared capability
Revenue model | One-time purchase + maintenance contract | Recurring SaaS-style licensing
Burn risk | Buyer controls operational tempo | Any customer can burn the chain for all
Cost amortization | Full cost borne by single buyer | Cost spread across 10-40+ customers
Price per customer | $3M-$20M per chain | $2-8M/yr per license (chain shared)
Regulatory exposure | Sovereign immunity | Wassenaar, EU CRA, sanctions, lawsuits

The critical vulnerability of this model: a single Citizen Lab or Amnesty Tech exposure can trigger cascading customer loss, sanctions, and litigation. Legal/regulatory cost (C_legal) is growing faster than any other cost in the model. NSO's 2021 US Entity List designation, the 2024 US Treasury sanctions on the Intellexa Consortium, and the Pall Mall Process represent structural headwinds that don't exist for Model A buyers.

Part 17. Model G: Defensive Intelligence (2026 Update)

Model G — Inverted Value Function

Buying Bugs to Build Shields

Defensive intelligence buyers — Trend Micro's Zero Day Initiative (ZDI), Google's Threat Analysis Group, CrowdStrike, Recorded Future, and Mandiant — purchase or discover vulnerabilities not to exploit them, but to build detection signatures, threat intelligence products, and protective capabilities for their customers. The value function is inverted: a bug's worth is proportional to how many customers can be protected, not compromised.

V_defense = N_protected × Severity × Speed_advantage − C_acquisition
  • N_protected: number of customers protected by the resulting detection/signature
  • Severity: CVSS-like severity; higher severity means more customer value
  • Speed_advantage: time advantage over public disclosure (hours/days of exclusive protection)
  • C_acquisition: cost to acquire: bounty payment, researcher salary, or purchase from a third party

The ZDI Model in Detail

Trend Micro's Zero Day Initiative is the clearest example. ZDI purchases vulnerabilities from external researchers, writes IPS/IDS signatures for Trend Micro's TippingPoint and Deep Security customers, then coordinates responsible disclosure with the vendor. The economics:

Step | Action | Economic Logic
1 | Purchase vulnerability from researcher | $5K-$200K depending on severity and target
2 | Write detection signature | Immediate protection for TM customers (competitive advantage)
3 | Coordinate disclosure with vendor | Goodwill + responsible ecosystem participation
4 | Vendor patches | ZDI customers were already protected; everyone else patches now

ZDI has processed thousands of submissions and positions itself as the largest vendor-agnostic vulnerability purchase program. The economic insight: defensive buyers can often pay less than offensive brokers for the same underlying bug because they bundle cash with legitimacy, disclosure, CVE credit, and reputation.

Why This Matters for the Framework

Defensive intelligence creates a price floor for vulnerability discovery talent. Even as offensive markets become more regulated and morally fraught, researchers have a legitimate, legal, reputation-building path to monetize their skills. This is the market segment that prevents the Red Team's "talent drain" scenario from fully materializing — it provides an alternative to the offensive pipeline that doesn't require NDAs, export controls, or moral compromise.

It also creates an interesting economic dynamic: the same vulnerability has positive value to both attacker and defender, but for inverse reasons. The attacker values it for exploitation potential; the defender values it for detection potential. This means vulnerability discovery is not zero-sum — it generates value on both sides of the equation simultaneously.

Part 18. The Fat Middle

The market is not cleanly split between cheap commodity bugs and elite mobile chains. Most economically meaningful activity sits in a middle band: bugs that are not trivial, not strategic crown-jewel chains, and still highly operational.

Commodity

Known patterns, common web flaws, variants, and misconfigurations. High supply, low scarcity, often bounty-priced or used in volume operations.

Middle

Enterprise SaaS logic flaws, cloud trust-boundary failures, identity bugs, post-auth exploitation, workflow abuse, and edge-device weaknesses. This is where a large share of actual attacker economics lives.

Frontier

High-end multi-step chains against hardened T1 targets. Scarce, expensive, maintenance-heavy, and often purchased for stealth or specialized missions.

This middle band matters because it weakens the clean AI story. Many of these bugs are neither trivially automatable nor uniquely human-artisanal. They are the real battleground for AI assistance, defender improvement, and attacker substitution.

Part 19. AI-Powered Discovery: What Is Proven, What Is Changing (2026 Update)

Parts 19–20: What's Changing. These sections focus on two live forces: AI-assisted security work and the collapse of the n-day weaponization window.

Between 2024 and 2026, AI-assisted vulnerability research moved from lab curiosity to useful workflow component. But the evidence is uneven. Some results are clearly production-relevant; some are benchmark wins; some macroeconomic claims remain inference.

The AI Discovery Shift

What's Actually Working

Capability | Status (2026) | Evidence Grade | Economic Impact
LLM-guided fuzzing | Production: Google Big Sleep (Project Zero + DeepMind) found a stack buffer underflow in SQLite in 2024 and, in 2025, a memory-corruption bug (CVE-2025-6965, CVSS 7.2) that Google reported was known to threat actors and at risk of exploitation before it was fixed | Proven in production | Reduces C_find for some known bug classes in C/C++ code
AI code review | Production: GitHub Copilot, Semgrep AI, CodeQL + ML models shipping | Proven in production | Defenders find bugs faster too; compresses shelf life (S)
Automated exploit generation | Research → Production: DARPA AIxCC detection jumped from 37% to 86% of vulns between semifinal and final; Team Atlanta won the $4M prize; 4 of 7 systems open-sourced | Benchmarked / bounded | Reduces C_dev, but reliability (R) still requires human tuning
Variant analysis | Production: LLMs excel at "find more bugs like this one" | Proven in production | Dramatically increases supply for known classes → reduces Scarcity (Sc)
Patch diffing automation | Production: AI-accelerated binary diffing is routine; in the 2024 UIUC study, GPT-4 agents produced working exploits for 87% of a 15-vulnerability n-day sample when given the CVE descriptions | Mixed: production + research | Compresses patch-to-exploit timeline → accelerates time-decay (λ)

Impact on the Formula

AI discovery doesn't change the formula's structure — it changes the input values:

C_find(AI) ≈ C_find(human) × 0.1 – 0.5 (for bug classes AI handles well: memory corruption, injection, known patterns)

Factor | Pre-AI | Post-AI | Direction
Discovery cost | High (human researcher months) | Lower (AI finds variants in hours) | ↓ Supply increase → downward price pressure
Scarcity (Sc) | High for many classes | Lower for AI-accessible classes | ↓ More supply of known patterns
Shelf Life (S) | Months-years for some targets | Compressed; defenders use AI too | ↓ Faster discovery = faster patching
Novelty (N) | Premium for new techniques | Increased premium; AI does not yet reliably find truly novel bug classes | ↑ Human creativity premium grows
Asymmetry (A) | Varied | Shifts toward defender for known classes | ↓ for known classes, unchanged for novel

Dowd's inflection point observation — "it's getting harder to hack than to secure" — is being accelerated by AI, but asymmetrically. For known bug classes, AI pushes the curve further toward defenders. For novel attack surfaces and logic bugs, the human researcher premium increases because AI can't replicate creative exploitation.

— Framework analysis, extending Dowd's thesis

The Paradox: Prices Rising Despite Cheaper Discovery

Zero-day prices are inflating, with headline figures near ~44% annually (Crowdfense 2024: up to $7M for an iOS full chain, against Zerodium's ~$2M in 2019; Operation Zero has advertised $20M for smartphone chains). A check on the arithmetic: $2M to $7M over 2019-2024 compounds at roughly 28-29%/yr, the $20M offer would imply far more, and none of these are transaction prices (see Part 22). How can prices rise while discovery gets cheaper? Weaponization cost is exploding. Modern mitigations mean full exploitation chains now require 5+ components (sandbox escape, privilege escalation, persistence, etc.) where 3 sufficed before. Each component must be independently maintained. The dominant cost has shifted from C_find to C_maintain × chain_length, exactly what Dowd predicted.

— Synthesis of Crowdfense pricing data, Dowd's BlueHat 2023 analysis, and exploit chain complexity research

The Market Impact

AI does not cleanly split the market into human and machine domains. A better framing is three layers:

Commodity Tier (AI-Findable)

Memory corruption variants, injection patterns, known misconfigurations. AI finds these in bulk. Supply explodes. Prices collapse toward bug bounty floor. Scarcity → 0.5 or lower. These become the "electricity" of the exploit market — cheap, abundant, essential for volume operators (Model B, C, D).

Middle Tier (AI-Assisted)

Enterprise logic flaws, identity bugs, cloud trust failures, and workflow abuse. AI helps here, but mostly as acceleration, triage, and variant search rather than full autonomy. This is likely where the largest near-term economic shift happens.

Frontier Tier (Human-Led, AI-Assisted)

Novel attack surfaces, complex chains, architectural flaws, and the hardest stealth requirements. The premium here is not just cognition; it is also secrecy, trust, iterative adaptation, and operational discipline.

Part 20. N-Day Acceleration: The Shrinking Window (2026 Update)

This may be the single most important trend in vulnerability economics. The time between patch publication and attacker use has compressed sharply. Analyses of known-exploited-vulnerability data (including CISA's KEV catalog) report that 42% of such vulnerabilities are exploited on day 0 of disclosure, 50% within 2 days, and 75% within 28 days. Patches increasingly function as exploit roadmaps.

The Patch-to-Exploit Timeline

Era | Typical Timeline | Method
Pre-2020 | Weeks to months | Manual reverse engineering of patches, human exploit development
2020-2023 | Days to weeks | Automated binary diffing (BinDiff, Diaphora), faster tooling
2024-2026 | Hours to days | AI-accelerated patch analysis, LLM-assisted exploit scaffolding, and faster public exploit circulation. Private-vendor reporting suggests average time-to-exploit near 5 days in many observed cases.

What This Means for the Framework

The 0day premium is under pressure from both sides. On the supply side, AI finds more bugs faster. On the demand side, n-day exploits become available so quickly after patches that buyers who don't need "day zero" capability can wait for the patch, reverse it, and have a working exploit within hours — at a fraction of the 0day price.

Premium_0day = V_0day − V_nday = f(t_patch→exploit)

As t_patch→exploit → 0, the 0day premium → f(exclusivity, stealth) only

For Model A buyers, the 0day premium still survives where stealth and exclusivity matter. For Model B-style buyers, n-day acceleration is ideal because patch lag on edge and long-tail infrastructure remains large. For Model D, n-day is often already good enough and much cheaper.

The Defender's Dilemma Intensifies

Patches are now dual-use publications. Every security update is simultaneously a fix for defenders and a roadmap for attackers. The window where "patched = safe" was always a fiction — but it was a useful fiction when exploit development took weeks. At hours-to-days, the fiction collapses entirely.

— Framework analysis

This creates a perverse incentive structure.

Updated Time-Decay

The time-decay constant λ in the formula needs revision. λ is read here as the rate constant in V(t) = V_0 × e^(−λt), so the effective half-life of a capability is ln 2 / λ. In an AI-accelerated n-day world:

Target Type | λ (Pre-AI) | λ (2026) | Effective Half-Life (ln 2 / λ)
Mobile (iOS/Android) | 0.05/month | 0.08/month | ~14 months → ~9 months
Desktop OS | 0.03/month | 0.05/month | ~23 months → ~14 months
Server/Cloud | 0.04/month | 0.06/month | ~17 months → ~12 months
IoT/Embedded | 0.01/month | 0.015/month | ~69 months → ~46 months
Legacy/ICS | 0.005/month | 0.005/month | ~139 months (unchanged)

Note: Legacy/ICS decay rates are unchanged because these targets don't benefit from AI-accelerated patching — they often can't patch at all. This further validates Model B economics.
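The decay table as an added worked example; this is not code from the original page. λ is treated as the rate constant in V(t) = V_0 × e^(−λt), so the half-life is ln 2 / λ and the whole table regenerates from the λ values alone, which is how a reader can check any row. The `months_until` helper is an added illustration of the page's wasting-option framing: it asks how long a capability stays above a value floor (for example, the point where maintenance no longer pays); the floor figure in the usage below is an assumption.

```python
"""Exponential time-decay of exploit value (Part 20, 'Updated Time-Decay').

Added worked example, not code from the original page. The lambda values
are the page's; V(t) = V0 * exp(-lambda * t) and half-life = ln2 / lambda
are the standard exponential-decay reading of a 'decay constant'.
"""
import math

# (lambda pre-AI, lambda 2026) in 1/month, from the page's table.
LAMBDA_TABLE = {
    "Mobile (iOS/Android)": (0.05, 0.08),
    "Desktop OS": (0.03, 0.05),
    "Server/Cloud": (0.04, 0.06),
    "IoT/Embedded": (0.01, 0.015),
    "Legacy/ICS": (0.005, 0.005),
}


def half_life_months(lam: float) -> float:
    """Months until value halves under decay constant lam (1/month)."""
    return math.log(2) / lam


def decayed_value(v0: float, lam: float, t_months: float) -> float:
    """Value of a capability worth v0 at acquisition after t_months."""
    return v0 * math.exp(-lam * t_months)


def months_until(v0: float, lam: float, floor: float) -> float:
    """Months until value decays from v0 to `floor` (v0 > floor > 0).

    Added helper: with floor set to ongoing maintenance cost, this is the
    window in which maintaining the exploit is still worth it.
    """
    if not v0 > floor > 0:
        raise ValueError("need v0 > floor > 0")
    return math.log(v0 / floor) / lam


def decay_table() -> list:
    """Regenerate the page's half-life column: (target, pre-AI months, 2026 months)."""
    return [
        (target, round(half_life_months(pre)), round(half_life_months(now)))
        for target, (pre, now) in LAMBDA_TABLE.items()
    ]


if __name__ == "__main__":
    for target, pre, now in decay_table():
        print(f"{target:22s} ~{pre:3d} months -> ~{now:3d} months")
    # Assumed figures: a $7M chain and a $1M/yr maintenance burden, i.e. the
    # value floor below which keeping the chain alive no longer pays.
    for label, lam in (("pre-AI", 0.05), ("2026", 0.08)):
        window = months_until(7_000_000, lam, 1_000_000)
        print(f"mobile chain stays above $1M for ~{window:.0f} months ({label})")
```

Re-deriving the column from λ is what exposes the mobile row in the original table, whose ~9 → ~5 months did not match its own constants; every other row already agreed with ln 2 / λ.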

Part 21. Full Spectrum: All Models Compared (Summary)

Model | Buyer | Bug Value Driver | Primary Targets | AI Impact
A | Five Eyes / boutique offensive | Stealth × exclusivity × chain completeness | T1 hardened platforms | ↑ Premium for frontier, human-led work
B | PRC-style volume collection | Aggregate access × strategic position × duration | T3-T5 infrastructure | ↓ AI finds more cheap bugs faster
C | Initial Access Brokers | Target revenue × access depth × freshness | Corporate networks | ↔ Access is access regardless of method
D | Ransomware / criminal industrial | Expected ransom × payment probability − costs | Revenue-rich organizations | ↓ More n-days faster = lower access cost
E | Chaotic / anti-economic | Visibility × political impact (non-monetary) | Symbolic / high-profile | ↔ Social engineering bypasses exploit economics
F | Commercial surveillance vendors | License fee × customers × contract duration | T1 mobile (journalist/activist targets) | ↑ AI finds bugs but can't replace chain maintenance; legal costs rising
G | Defensive intelligence (ZDI, TAG, etc.) | Customers protected × severity × speed advantage | All tiers (broadest coverage = most value) | ↑ AI amplifies both discovery and signature generation

Part 22. Limits, Counterarguments, and Failure Modes

Parts 22–23: Honest Assessment. Every framework has blind spots. The question is whether it makes them visible early enough.

The strongest version of this paper is not one that pretends to forecast exploit prices perfectly. It is one that states what it explains well, where it is extrapolating, and which events could break the model entirely.

The Steelman — Strongest Case For This Framework

  1. Chain complexity increasing from 3 to 5+ components is empirically measured, vendor-confirmed, and architecturally irreversible.
  2. Maintenance cost now dominates exploitation economics — every practitioner with direct market experience independently confirms this.
  3. N-day weaponization collapsing to hours is the hardest data point, supported by multiple independent measurement sources.
  4. Memory-safe language adoption is a one-way door: you cannot un-ship Rust kernel modules or rewrite Chrome's Rust components back into C++.
  5. Government buyers face operational mandates that prevent substitution away from premium 0day capabilities regardless of price.
  6. The premium on human creativity grows because AI excels at pattern-matching but cannot yet discover architectural novelty.
  7. The Rust supply scissors — fewer memory corruption bugs plus longer chains — creates a genuine Nash equilibrium shift.
  8. The offensive-defensive price divergence reflects two fundamentally different products sold to different buyers for different purposes.

The Counter-Argument — What the Framework Gets Wrong

  1. False precision on opaque data. The ~44% inflation figure extrapolates from broker marketing catalogs, not transaction data. Predicting from Zerodium's published price list is like forecasting the housing market from Zillow Zestimates.
  2. Compound math breaks it. 44% annual compound inflation from the $7M 2024 figure means roughly $43M per exploit chain in five years and about $270M in ten (1.44^5 ≈ 6.2, 1.44^10 ≈ 38), numbers that exceed every government procurement budget and guarantee a substitution breakpoint the model ignores.
  3. The De Beers problem. The diamond market maintained artificial price tiers for decades through supply control, then collapsed within a single decade when synthetic diamonds democratized. AI-assisted chain discovery is the synthetic diamond of vulnerability markets.
  4. Bug bounty data contradicts. Observable bug bounty payout data directly contradicts the AI deflation thesis: Google, Apple, and HackerOne payouts are all rising year-over-year through 2025, not falling.
  5. The erased middle. The "two-tier" framing erases the fat middle — domain-specific logic bugs that are neither trivially automatable nor elite-tier — where most economic activity and most real-world breaches actually occur.
  6. No shock model. The framework has zero model for cascade events: a single Vault 7-style leak cascades an entire T1 inventory into the n-day pool overnight, simultaneously destroying offensive investment value and supercharging criminal exploitation.
  7. Self-defeating talent loop. Talent migration from deflating bounties to inflating offensive markets depletes the defensive research pipeline, expanding the attack surface that makes 0days viable — a feedback loop the model treats as two independent markets.
  8. No historical precedent for permanence. No security market in history has bifurcated permanently — antivirus, pentesting, and encryption all showed decade-scale phase transitions before reconverging.

Additional Limits and Insights

"The 0day market is not a market at all but a collection of power relationships where pricing reflects leverage, classification authority, and legal threat — not supply, demand, or technical merit."

— IN-8, The Devil's Intern

"The 'human premium' is really a human secrecy premium. Humans can be trusted to keep secrets, sign NDAs, and face prison for violations. AI cannot be deposed, threatened with extradition, or have its passport revoked. The premium is about coercibility and accountability, not cognitive superiority."

— IN-8, The Devil's Intern

"Bug bounty was never primarily about finding bugs. It is a liability transfer mechanism and a compliance checkbox. Companies pay for the program's existence, not the bugs it finds. The price floor is set by SOC 2 compliance value, not the marginal cost of finding the next XSS."

— IN-8, The Devil's Intern

"Chain construction is combinatorial search with binary feedback — exactly AI's forte. The 'human creativity premium' is a comforting narrative for exploit developers who want to believe they are artisans. The search space is enumerable, and the feedback signal is perfectly binary. That is AI's dream problem."

— PT-1, Red Team Lead

"Both tiers collapse simultaneously if a major platform ships a formally verified microkernel. Premium collapses because chain complexity drops to 1-2. Commodity collapses upward because only logic bugs remain. Result: a single tier of moderately expensive logic bugs."

— EN-7, Failure Mode Analyst

Verdict: The directional forces are real — offensive prices rising, commodity discovery getting cheaper — but the framework mistakes a phase transition for an equilibrium. It overfits to a specific inflation rate from opaque data and ignores the second-order dynamics that will reshape the trajectory within 3-5 years in ways the current model cannot predict.

Part 23. Price Trajectory Predictions (Adjusted for Limits)

Market Segment | Framework Prediction | Red Team Adjustment
T1 0day (iOS/Android full chain) | ~44%/yr inflation indefinitely | 15-25%/yr for 3-5 years, then a demand ceiling triggers substitution to supply chain attacks, social engineering, and hardware implants
T2-T3 0day (enterprise, VPN, browser) | Moderate inflation | Flat to slight increase; the "fat middle" is undermodeled and is where most market activity actually lives
Bug bounty (commodity) | Deflation from AI | Stable to slight increase for 2-3 years (the deflation prediction contradicts observable payout data), then possible AI-driven compression at the low end only
Bug bounty (premium/critical) | Premium increases | Agree; the human creativity premium is real but has a 3-5 year shelf life before AI chain discovery matures
N-day market | Operationally equivalent to 0day for most attackers | Strongest agreement; this is the most disruptive force and the most underappreciated by current pricing models
Criminal / ransomware | Shift to n-day reliance | Agree; already happening and accelerating. Identity-driven groups (prestige) will maintain irrational 0day investment

The Three-Horizon View

Near Term (2026-2028)

Current trends continue. T1 prices inflate 15-25%/yr. N-day becomes the default for Model B/D. Bug bounty payouts remain stable (compliance floor holds). AI augments but doesn't replace human researchers. The market appears to bifurcate.

Medium Term (2028-2031)

Substitution effects kick in. T1 buyers diversify toward supply chain, social engineering, and insider access as 0day prices exceed ROI thresholds. AI begins finding novel vulnerability classes (chain construction as search problem). Bug bounty's low-end compresses; premium segment holds. The "fat middle" becomes the primary battleground.

Far Term (2031-2036)

Phase transition completes. Memory-safe language adoption reaches critical mass in new code. 0day prices stabilize or decline as AI chain discovery matures. The market reconverges around a new equilibrium — not the original single market, but not a clean binary either. Logic bugs, architectural flaws, and human-factor attacks define the landscape. The framework needs to be rewritten.

The honest conclusion: This framework describes the present accurately and the near-term plausibly. Beyond 3-5 years, the model's assumptions degrade faster than the exploits it describes. The mechanisms — maintenance cost dominance, chain complexity, n-day collapse, memory-safe language adoption — are durable insights. The specific numbers are useful fictions with a short shelf life. Treat them accordingly.