New zero-day startup offers $20 million for tools that can hack any smartphone
Advanced Security Solutions launched this month and is now offering some of the highest prices, at least public ones, in the whole zero-day market. Zero-days are flaws in software that are unknown to the affected developer at the time of their discovery. These tools can be highly valuable for hackers, especially those working for law enforcement and intelligence agencies.
Apart from the highest bounty of $20 million, which applies to any mobile operating system, the company also offers bounties for exploits in various software: $15 million for the same type of zero-days for Android devices and for iPhones; $10 million for Windows; $5 million for Chrome; $1 million for Apple's Safari and Microsoft Edge browsers, among others.
It's unclear who is behind the company, and its customers.
'We empower government agencies, intelligence services, and law enforcement to operate with precision in the digital battlefield,' reads the company's website. 'We maintain continuous cooperation with over 25 governments and intelligence agencies worldwide. Our clients consistently return for new services, reflecting the trust and strategic value we provide in high-stakes operational contexts, including counterterrorism and narcotics control.'
The website also says that while the company is new, 'it is staffed exclusively by professionals with over 20 years of operational experience in elite intelligence units and private military contractors.'
Advanced Security Solutions did not respond to a series of questions, including who funds, owns, and runs the company, who the customers are, as well as whether the company has any self-imposed ethical, or legal restrictions on what governments to sell to.
Contact Us Do you have more information about Advanced Security Solutions, or other zero-day providers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or
Do you have more information about Advanced Security Solutions, or other zero-day providers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . You also can contact TechCrunch via SecureDrop
A security researcher with experience in the world of zero-days told TechCrunch that the prices offered by Advanced Security Solutions are approximately in line with the current market.
'Normally these advertised prices are in the ball park,' the person told TechCrunch on the condition of anonymity to speak candidly about the zero-day industry. The person added that the $20 million bounty 'is low depending on how unscrupulous you are.'
The researcher also warned that, personally, he wouldn't deal with a company that doesn't disclose who is behind it, such as in this case. 'I don't think you should sell bugs to anyone who's trying to hide who they are,' he said.
The market for zero-days has expanded considerably in the last ten years, both in terms of the number of companies participating in it, as well as the prices offered.
In 2015, Zerodium, a broker that much like Advanced Security Solutions also acquires zero-days from researchers and resells them to governments, was among the first-ever companies to publicize their price list. At the time, the company founded by veteran exploit broker Chaouki Bekrar offered up to $1 million for tools to hack iPhones. Then, three years later, came Crowdfense offering $3 million for the same type of zero-days.
A screenshot of the bounties offered by Advanced Security Solutions for zero-days in operating systems. (Image: techcrunch)
More recently, the prices of zero-days have skyrocketed, in part because there is higher demand and also because it's getting more difficult to hack modern devices and software, thanks to big tech companies improving their security.
Last year, Crowdfense published its new price list, which offered up to $7 million for zero-days to break into iPhones, and $5 million for the same type of exploits for Android. Customers can also buy zero-days for specific apps, especially messaging apps like WhatsApp (up to $8 million), and Telegram (up to $4 million).
For its part, Advanced Security Solutions says it offers $2 million for Telegram, Signal, and WhatsApp zero-days.
Russian zero-day company Operation Zero was an outlier in the market, offering up to $20 million for the same type of exploits that Advanced Security Solutions is looking for. Operation Zero is in a unique position because it says it works only with the Russian government, and for many researchers in the U.S. and Europe, it's illegal to sell their hacking tools to Russia, which means Operation Zero may have a harder time finding what it looks for.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
3 hours ago
- Yahoo
Raising multiple rounds of venture capital might be wrong for your startup
There's a generally accepted script in Silicon Valley: Identify a startup idea. Sell a chunk of your company to raise venture capital. Make sales. Raise more venture capital, and make more sales. Repeat until the company goes public, or gets acquired, hopefully for billions either way. But what if you didn't get on a fundraising treadmill after taking a first round? What if you structured your company to sprint to profitability through slower, sustainable growth, rather than the reverse — unprofitable growth — as so many VC-backed companies do? That's the question that Pukar Hamal, founder and CEO of SecurityPal AI, asked himself after raising a $21 million series A round in 2021 and, a year later, almost running out of money. The round was led by David Sacks's Craft Ventures, with participation from Andreessen Horowitz's Martin Casado and Okta co-founder Frederic Kerrest. 'I started the company back in March of 2020. It's my second company that I founded,' he said on TechCrunch's Equity podcast this week. His previous company, which sold via an acqui-hire, had raised its first capital before product market fit, he said. That's pretty common. Founders often raise before they've got a product that they know customers will pay well for. In retrospect, Hamal described that decision as his big 'mistake.' So for SecurityPal, he did the reverse. He waited until the company hit $1 million ARR, which took about a year, and then did his first and only raise, the Series A. SecurityPal uses AI to speed enterprise security due diligence, which occurs in every large enterprise transaction when signing new IT contracts. SecurityPal promises to shrink the security review from months to days or even hours, helping companies to save money on the process while closing deals faster. It has big-name customers like Airtable, Figma, LangChain, and Grammarly, among others. But in 2022, he faced a crisis. Interest rates rose and crashed the venture capital market. Raising more funds would be tough. 'We were burning a lot of capital,' he said. 'We were, like, 14 months away from running out of money.' It was a wake-up call. Hamal had to drastically cut expenses, which meant a big layoff. That was so painful, he said, that he vowed to do things differently. 'We extended our runway, and we tried to drive the company towards cash flow break even, cash flow positive profitability,' he said. Although in 2025 VC money is flowing again, especially for AI startups, 'we haven't raised another round,' he said. The reason? He sees now that VC money comes with its own price tag. 'The more capital we raise, the more expectations there are going to be, the more we're going to sort of give up control of the company, the more pressure we're going to feel to just hire a bunch of people that might not work out,' he said. 'For venture capital, what matters is growth,' he said. For some investors, fast revenue growth is more important than improving gross margins, he said. That means a company can fall deeper in the red even as it sells more. VCs trust that founders will figure out profitability later. Until then, they can keep raising funds. And if they can't, the company might not survive. Hamal wanted what he described as 'durable growth' for SecurityPal: slow and solid. If sales were limited to a handful of deployments at any given time, his team could ensure that all customers were well onboarded, even for their edge cases. He didn't want fast sales only to have customers not use the product and churn come renewal time. 'That story happens all the time because there's so much pressure on companies to grow,' he said. On the other hand, he said he found that slow ARR can lead to 'healthy gross margins, great cash collection.' Hamal is clear that he's not advocating against venture capital. Other startups may have to keep raising and chasing fast ARR. He's not even ruling out another round for SecurityPal. He just wants more founders to think about the slow-growth, nuanced alternatives. 'I raised venture capital. And I haven't raised it again because what I'm trying to do is put the business in a position where it doesn't need venture capital over and over again,' he said. Listen to the whole conversation on the Equity podcast, which includes Hamal's suggestions on how to find capital outside of venture. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Fast Company
3 hours ago
- Fast Company
Looking for career clarity? Build a personal board
No matter the career path, everyone eventually faces a moment of uncertainty. A sense of 'what's next?' Enterprise leaders are used to their corporate board pressuring them for a strong answer to this question, especially in an era where expectations around innovation and AI adoption are accelerating at rates we've never seen before. For others, it's about finding the next big project to drive impact or charting a path toward a long-awaited promotion or raise. And for a few, it's wrestling with how to turn an unknown startup into something that can stand out in a market dominated by whales. I spent 23 years at Microsoft, traveling the world, reaching major career milestones, and building lifelong relationships with partners and colleagues. I genuinely believed I'd spend my entire career there. At one point, I even joked they'd have to wheel me out when I was done. But there came a defining moment when I had to ask myself: am I ready to take a leap and build something new, or would I be better off in a tenured position? That moment revealed just how powerful a 'personal board' can be. Having a trusted group of advisors to help navigate crucial career decisions can make all the difference for your professional and personal well-being. INTRODUCING THE PERSONAL BOARD The personal board—first popularized by renowned business strategist and author Jim Collins —introduces the idea of surrounding yourself with a trusted circle of mentors and advisors who offer honest, strategic, and diverse input. Unlike a traditional corporate board, which focuses primarily on quantifiable metrics and performance, a personal board helps guide your success more holistically: in business, in life, and in everything in between. This board unites a varied range of perspectives, from seasoned industry and outside-industry veterans to peers and trusted voices. Their goals are to challenge your thinking, expand your viewpoint, and help reduce uncertainty when making high-stakes decisions. HOW A PERSONAL BOARD EXPANDED MY CAREER My first personal board member came from the VC space. This challenged me to think like an entrepreneur. Then he opened the door for me to become one. He introduced me to Vadim Vladimirskiy, who would later become my co-founder at our enterprise. At the time, I assumed the connection was a simple introduction to help Vadim navigate Microsoft's partner ecosystem. I had no idea that conversation would lead to the opportunity of a lifetime. As a personal board member, my mentor did more than expand my network. He offered perspective. He challenged me to think boldly. And when I began to seriously consider leaving a safe, tenured position, he helped me frame the opportunity not just as a career move, but as a strategic and personal transformation. Looking back, that moment reaffirmed the real value of having a personal board. When the stakes are high and the next move isn't clear, having trusted voices who know you and are willing to push you changes everything. TIPS FOR BUILDING A BOARD Over the years, the insights I've gained from the trusted voices on my personal board have served as a steady compass, offering perspective in moments of clarity and challenge alike. Here are a few key lessons I've taken with me: 1. Trust your instincts but verify them with input from those you respect. Even the best instincts can benefit from being pressure-tested. A gut feeling double-checked by your personal board can ensure success in the corporate boardroom. 2. Find a good cross-section of people who can give you diverse perspectives. No matter how experienced you are, you simply don't know what you don't know. A personal board assembled of individuals from varied backgrounds, industries, and life experiences helps uncover blind spots and challenge assumptions. 3. You never need to make career decisions alone. Leadership can often feel isolating. But it doesn't have to be. Having a personal board means you have a team dedicated to your success as a professional and individual. They help you lead your life with purpose, direction, and authenticity. WHO'S ON YOUR BOARD? Success isn't just about what you know or who you know. It's about who you trust enough to help guide you through moments of real uncertainty. That's where the power of a personal board comes in. You don't have to wait for a crisis to assemble your personal board. Start now, thoughtfully, and intentionally. Identify mentors. Build relationships with peers you admire. Seek out people outside your industry who bring fresh perspectives.
TechCrunch
3 hours ago
- TechCrunch
Raising multiple rounds of venture capital might be wrong for your startup
There's a generally accepted script in Silicon Valley: Identify a startup idea. Sell a chunk of your company to raise venture capital. Make sales. Raise more venture capital, and make more sales. Repeat until the company goes public, or gets acquired, hopefully for billions either way. But what if you didn't get on a fundraising treadmill after taking a first round? What if you structured your company to sprint to profitability through slower, sustainable growth, rather than the reverse — unprofitable growth — as so many VC-backed companies do? That's the question that Pukar Hamal, founder and CEO of SecurityPal AI, asked himself after raising a $21 million series A round in 2021 and, a year later, almost running out of money. The round was led by David Sacks's Craft Ventures, with participation from Andreessen Horowitz's Martin Casado and Okta co-founder Frederic Kerrest. 'I started the company back in March of 2020. It's my second company that I founded,' he said on TechCrunch's Equity podcast this week. His previous company, which sold via an acqui-hire, had raised its first capital before product market fit, he said. That's pretty common. Founders often raise before they've got a product that they know customers will pay well for. In retrospect, Hamal described that decision as his big 'mistake.' So for SecurityPal, he did the reverse. He waited until the company hit $1 million ARR, which took about a year, and then did his first and only raise, the Series A. Techcrunch event Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital, Elad Gil — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $600+ before prices rise. Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They're here to deliver the insights that fuel startup growth and sharpen your edge. Don't miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. San Francisco | REGISTER NOW SecurityPal uses AI to speed enterprise security due diligence, which occurs in every large enterprise transaction when signing new IT contracts. SecurityPal promises to shrink the security review from months to days or even hours, helping companies to save money on the process while closing deals faster. It has big-name customers like Airtable, Figma, LangChain, and Grammarly, among others. But in 2022, he faced a crisis. Interest rates rose and crashed the venture capital market. Raising more funds would be tough. 'We were burning a lot of capital,' he said. 'We were, like, 14 months away from running out of money.' It was a wake-up call. Hamal had to drastically cut expenses, which meant a big layoff. That was so painful, he said, that he vowed to do things differently. 'We extended our runway, and we tried to drive the company towards cash flow break even, cash flow positive profitability,' he said. Although in 2025 VC money is flowing again, especially for AI startups, 'we haven't raised another round,' he said. The reason? He sees now that VC money comes with its own price tag. 'The more capital we raise, the more expectations there are going to be, the more we're going to sort of give up control of the company, the more pressure we're going to feel to just hire a bunch of people that might not work out,' he said. 'For venture capital, what matters is growth,' he said. For some investors, fast revenue growth is more important than improving gross margins, he said. That means a company can fall deeper in the red even as it sells more. VCs trust that founders will figure out profitability later. Until then, they can keep raising funds. And if they can't, the company might not survive. Hamal wanted what he described as 'durable growth' for SecurityPal: slow and solid. If sales were limited to a handful of deployments at any given time, his team could ensure that all customers were well onboarded, even for their edge cases. He didn't want fast sales only to have customers not use the product and churn come renewal time. 'That story happens all the time because there's so much pressure on companies to grow,' he said. On the other hand, he said he found that slow ARR can lead to 'healthy gross margins, great cash collection.' Hamal is clear that he's not advocating against venture capital. Other startups may have to keep raising and chasing fast ARR. He's not even ruling out another round for SecurityPal. He just wants more founders to think about the slow-growth, nuanced alternatives. 'I raised venture capital. And I haven't raised it again because what I'm trying to do is put the business in a position where it doesn't need venture capital over and over again,' he said. Listen to the whole conversation on the Equity podcast, which includes Hamal's suggestions on how to find capital outside of venture.
