Executive Summary
Governments and private exploit brokers have built a multi-billion-dollar market for undisclosed software vulnerabilities, creating a structural security deficit where the same flaws purchased for intelligence collection remain unpatched and available for adversaries to discover independently.
The Council on Foreign Relations, the Atlantic Council, and Google's Threat Intelligence Group have each documented how this market operates across three tiers: a white market where vendors pay bug bounties, a gray market where government-aligned brokers such as Crowdfense and (formerly) Zerodium pay orders of magnitude more for exclusive access, and a black market where criminal groups acquire burned or second-tier exploits. The February 2026 US sanctions against Russia's Operation Zero marked the first use of the Protecting American Intellectual Property Act against a foreign exploit broker, confirming both the scale of the market and the geopolitical stakes attached to it.
- CISO/security teams: As of mid-2026, assume any major platform you operate has outstanding undisclosed vulnerabilities held by at least one government or commercial surveillance vendor; budget for behavioral detection (EDR/NDR), not just patch-based defenses.
- Risk officers/investors: Cybersecurity market revenue is projected to grow from $302 billion in 2026 to $663 billion by 2033 (Grand View Research); demand is being driven in part by the proliferation risk this market creates.
- Policy/government stakeholders: The US Vulnerabilities Equities Process requires annual review of retained zero-days but allows indefinite retention, and the Shadow Brokers precedent shows what happens when that stockpile leaks.
The zero-day market's structural incentive toward hoarding over disclosure makes the next large-scale exploit-weaponization incident moderate-to-high confidence, not exceptional.
Key Findings
- Nation-states, led by the United States and a small cluster of allies, are the primary buyers in the gray-market zero-day economy, and the price inflation this demand creates is now measurable.
- Russia's Operation Zero, sanctioned by the US Treasury and State Department in February 2026, confirms that state-backed non-NATO broker markets now operate as institutionalized supply chains for offensive cyber weapons, not opportunistic gray-zone actors.
- The non-disclosure cost of zero-day hoarding is not theoretical: the NSA's stockpiled EternalBlue exploit, developed by Tailored Access Operations and withheld from Microsoft, was weaponized after the Shadow Brokers leak into WannaCry (2017) and NotPetya (2017), causing damages estimated in the billions of dollars across more than 150 countries.
- Commercial surveillance vendors, not nation-states directly, are now the leading attributed source of zero-day exploitation, shifting the market's center of gravity and making regulation harder.
- AI-assisted vulnerability discovery is compressing the gap between "zero-day found" and "zero-day weaponized," lowering the barrier to entry for mid-tier state actors and well-funded criminal groups within a 2-to-3-year window.
- As of July 2026, the NSA has revived its Tailored Access Operations nomenclature under Deputy Director Tim Kosiba, consolidating exploit developers and operators under a unified command, signaling a shift toward more integrated offensive posture at a moment when the regulatory environment around zero-day disclosure is stagnant.
How The Market Is Structured
The zero-day market operates in three tiers that rarely interact directly, each with distinct pricing, clientele, and legal exposure. Understanding which tier a specific exploit entered determines how long it stays unpatched and who benefits.
The white market includes formal bug bounty programs run by vendors such as Apple, Microsoft, and Google, as well as platforms like HackerOne and Bugcrowd. The Council on Foreign Relations notes that bug bounty programs have made it easier for buyers and sellers to find one another in this tier, but white-market payouts remain a fraction of gray-market rates. Apple's maximum bug bounty for iOS vulnerabilities is roughly $200,000, against Crowdfense's published ceiling of $7 million for the same class of exploit. The payment gap, estimated at a factor of ten to one hundred by Agentik OS's 2026 analysis, structurally redirects researchers toward gray-market brokers.
The gray market is where governments and their contractors operate. The Atlantic Council's November 2025 report on intermediaries in the proliferation of offensive cyber capabilities describes how brokers establish clientele through personal relationships and can sell a single exploit component to a chain of buyers before it reaches the end government client. Agencies including the NSA, GCHQ, Mossad, and China's MSS purchase zero-days to support surveillance, counterterrorism, and espionage operations, according to a Medium investigative summary drawing on government and industry press. Many of these agencies maintain internal development teams, such as TAO, but also buy from contractors to fill capability gaps.
What is not being reported: The gray market's opacity means that estimates of its size vary widely even among researchers with access to procurement data. The Council on Foreign Relations assessment notes that buyers and sellers rarely publicly disclose vulnerability prices in gray and black markets, making it "difficult to estimate the size and value of those markets." The market's actual annual volume, including classified government procurement contracts, is not known from open sources.
The black market rounds out the bottom tier. Criminal groups typically buy second-rate or burned exploits rather than highest-value tools, as noted by multiple industry analyses. However, the boundary between tiers is permeable: a zero-day developed for state espionage can migrate to criminal ransomware operators within years of its first use. GCS Technologies' 2026 analysis puts this plainly: a zero-day used by a nation-state in 2024 can end up in a ransomware kit targeting small businesses in 2026. SonicWall's June 2026 disclosure of CVE-2026-15409 and CVE-2026-15410, two zero-days first exploited June 22 and moderate-to-high confidence targeting ransomware delivery (Rapid7), illustrates exactly this pathway.
This migration from state exploit to criminal tool is the central cost mechanism of non-disclosure. When governments retain vulnerabilities under their equities processes, they make a tacit bet that no adversary will independently discover the same flaw. Georgetown Security Studies Review research shows zero-day vulnerabilities remain undiscovered, on average, for seven years, but that period does not mean secure: it means any capable adversary independently developing the same exploit faces the same discovery window.
The Non-Disclosure Cost The Vep Was Designed To Bound
The US Vulnerabilities Equities Process, described in the White House's public VEP charter, was designed to balance intelligence value against public security risk. The policy explicitly states its "primary focus" is to "protect core Internet infrastructure...through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes."
Short-term gain, long-term cost: What the VEP's structure does not resolve is the organizational incentive asymmetry it creates. The agency that discovered or purchased a zero-day bears the cost of disclosure (losing the capability) but distributes the security benefit across all users of the affected software, including foreign adversaries. A former NSA TAO employee, quoted in Techdirt's 2016 coverage, stated: "While I was there, I can't think of a single example of a zero-day [flaw] used by the agency where we subsequently said, 'Okay, we're done with it and let's turn it over to the defensive side.'" This organizational culture of retention is not exclusive to the NSA. The Halcyon analysis of Operation Zero states that Russia has "built a cybercriminal ecosystem that thrives on specialization," with Operation Zero sourcing high-end zero-days, initial access brokers selling footholds, and ransomware crews executing operations in a division of labor that reflects coordinated policy rather than chaos.
The VEP policy calls for annual review of any retained vulnerability, a cadence the Council on Foreign Relations assessed as a "pass" but noted still allows indefinite retention if each annual review confirms intelligence value. The policy additionally permits agencies to enter into non-disclosure agreements with vulnerability researchers and resellers, which the CFR separately assessed as a failure. Those NDAs prevent the VEP process from even being triggered in some cases.
The Shadow Brokers case made the cost of retention concrete. The NSA's EternalBlue exploit, built by Tailored Access Operations and withheld from Microsoft, was stolen and released by the Shadow Brokers group in 2016-2017. EternalBlue was subsequently repurposed into the WannaCry ransomware attributed to North Korea and the NotPetya attack attributed to Russian military intelligence, which Wikipedia's Tailored Access Operations entry notes "caused billions of dollars in global damage." WannaCry disrupted the UK's National Health Service and spread to over 150 countries.
The Trump administration's March 2026 Cyber Strategy for America, reported by Dark Reading in June 2026, signals that offensive posture will expand, not contract. The document's declaration that the US "will deploy the full suite of US government defensive and offensive cyber operations" is assessed by Dark Reading analyst Nate Nelson as moderate-to-high confidence to "change the narrative of how some of these other countries approach the cyber operations they perpetrate." This translates directly into elevated risk for civilian critical infrastructure globally, because escalation cycles in cyber operations do not respect sector boundaries.
Operation Zero, Sanctions, And The Broker Proliferation Problem
The February 2026 US sanctions against Operation Zero (formally Matrix LLC) and its founder Sergey Zelenyuk represent the clearest public documentation of how the market operates outside Western regulatory jurisdiction. Rescana's analysis of the OFAC enforcement action notes that Operation Zero purchased zero-day exploits, including tools allegedly stolen from US defense contractor Trenchant (L3Harris subsidiary), from an insider who sold them for $1.3 million in cryptocurrency. Those exploits were then resold to Russian government clients.
Capability without confirmed intent: Operation Zero publicly states it sells only to Russian entities, primarily FSB, GRU, and aligned contractors. But the Halcyon assessment observes that "there's no real firewall between Russian intelligence ops and ransomware crews," with overlap in tools, loaders, and initial access methods. Sanctioning the broker does not address the underlying demand that sustains it: Russian intelligence services will acquire zero-days from alternative sources if Operation Zero is effectively shut down.
The UAE-based front company (Special Technology Services LLC FZ) that Operation Zero established demonstrates the structural challenge for any regulatory response. Brokers can establish legal entities in jurisdictions with weaker export control regimes, route transactions through cryptocurrency, and operate behind layered intermediary chains. The Atlantic Council's November 2025 Mythical Beasts report notes that "brokers can serve as direct links between the seller and a buyer or can sell to another broker in the chain who then sells to an end client," making attribution difficult even with OFAC-quality investigation resources.
This proliferation dynamic is compounding. Google GTIG tracked 90 zero-day exploits confirmed in the wild in 2025, up's revised figure of 78, with nearly half targeting enterprise infrastructure. Of those 90, operating systems accounted for 44% of the total, up from the prior year. CrowdStrike's 2025 Global Threat Report found that behavioral detection identified 75% of zero-day exploitation events before any signature existed, suggesting that defenders who rely on patch-based posture are structurally behind the exploitation curve.
The sanctions also shed light on the normative gap. The US government simultaneously purchases zero-days through classified contracts, maintains a VEP process that allows indefinite retention, and now sanctions foreign brokers for doing structurally similar things with different clients. The Council on Foreign Relations' framework for incentivizing zero-day disclosure versus non-disclosure acknowledges this tension: "When governments acquire zero-days, they have similar choices: reveal the flaw or choose to keep it secret, building a stockpile for intelligence gathering or offensive operations." No binding international agreement governs these choices.
Expert Integration
Expert Consensus Assessment
Analysts across government, academic, and think-tank communities agree on the market's basic structure, that nation-states are the primary demand driver, and that non-disclosure carries proliferation risk. Disagreement centers on whether the intelligence value of retaining zero-days outweighs the systemic security cost, and whether the Vulnerabilities Equities Process is an adequate governance mechanism.
Expert Disagreement Areas
- VEP adequacy: The Council on Foreign Relations and Columbia Journal of International Affairs both identify structural weaknesses in the VEP (NDAs, indefinite retention, NSC coordination), while former NSA officials have defended the process as "excellent" in design if flawed in execution.
- Primary driver of market growth: Bright Defense and Google GTIG attribute rising exploitation volume primarily to commercial surveillance vendors; the Georgetown Security Studies Review and older CFR analyses emphasize nation-states as the structural anchor of demand.
- AI's near-term impact: Google GTIG and Agentik OS project significant AI-driven acceleration of zero-day discovery, but the RAND Corporation's historical research on zero-day longevity suggests platform hardening partially offsets this by making each exploit harder to develop, not easier.
Systematic-Expert Alignment
Alignment: MIXED
This assessment aligns with expert consensus that governments are the primary demand anchor and that non-disclosure carries measurable proliferation risk (Shadow Brokers, EternalBlue, WannaCry). The assessment diverges slightly from the more optimistic readings of the VEP by former NSA officials, weighting the March 2026 Cyber Strategy and the TAO nomenclature revival as signals that offensive accumulation is accelerating, not stabilizing.
Key Assumptions
| Assumption | Supporting Evidence | Falsifying Evidence | Impact if Wrong | Monitoring Metric |
|---|---|---|---|---|
| Nation-states remain the primary demand anchor for high-value zero-days | Wikipedia market entry; CFR report; Five Eyes market plurality confirmed in multiple sources; Google GTIG attribution data | A major shift toward criminal group willingness to pay $5M+ per exploit, sustained over multiple quarters | Would require reassessing the governance lever: disclosure norms and VEP reform would matter less if criminal demand is driving prices, not state demand | Google GTIG annual zero-day attribution report (Q1 each year) |
| The VEP as currently structured allows indefinite retention of most zero-days agencies want to keep | VEP Charter text (White House); annual review requirement without mandatory disclosure trigger; CFR grading of NDAs as a "fail" | Legislative or executive order mandating mandatory disclosure timelines; VEP audit results showing high disclosure rates | If wrong in the direction of more disclosure, proliferation risk would be lower than assessed; if wrong in the direction of less oversight, risk is higher | Congressional hearings on VEP reform; ODNI annual transparency report on vulnerability disclosure |
| Exploit proliferation from state stockpiles to criminal actors is a recurring, not exceptional, pattern | EternalBlue-to-WannaCry precedent; GCS Technologies analysis of state-to-criminal migration; SonicWall June 2026 zero-days attributed to ransomware actors | Evidence that patching cycles are now fast enough to close the window between state use and criminal repurposing | If proliferation is rarer than assessed, the stockpiling cost argument weakens substantially | CISA KEV catalog growth rate; time delta between state exploit use and criminal weaponization in post-incident reports |
| AI-assisted vulnerability discovery will materially accelerate zero-day supply within 2-3 years | LLM-guided fuzzing research (2025 university papers); Google GTIG 2026 AI threat forecast; Seceon AI attack taxonomy | Vendors successfully deploying AI-assisted hardening faster than AI-assisted discovery reduces exploit windows | If AI defense outpaces AI offense, exploit prices may plateau or decline, reducing government incentive to stockpile | CrowdStrike annual Global Threat Report; CVE publication rate from NVD by month |
Counterarguments
-
The VEP functions better than critics claim, and the Shadow Brokers comparison is unrepresentative: The WannaCry/NotPetya cascade was an extraordinary failure of operational security by the NSA, not a systemic outcome of zero-day retention per se. Former NSA Cybersecurity Coordinator Rob Joyce has stated that the agency's retention is selective, and that most vulnerabilities do flow through disclosure. The VEP Charter itself states a "bias toward responsible disclosure." If the Shadow Brokers event is treated as the expected outcome rather than a tail risk, the analysis overstates the baseline cost of retention. The counterpoint requires acknowledging that a former TAO employee's "hundreds" of flaw observations without any disclosure event suggests the stated bias is not reflected in practice.
-
Government zero-day purchasing may crowd out criminal acquisition in ways that reduce net risk: If intelligence agencies are the highest-value buyers, and they use zero-days for targeted espionage rather than mass exploitation, the alternative is not a world without those zero-days being purchased. It is a world where criminal groups or less sophisticated actors acquire them instead. The Halcyon analysis of Operation Zero implies that Russian intelligence has moved toward tighter control of exploit supply chains precisely to prevent criminal misuse. This is not a full defense of non-disclosure, but it challenges the framing that less government purchasing equals safer software.
-
Sanctions against Operation Zero may accelerate broker fragmentation rather than reducing supply: By sanctioning a named Russian broker, the US Treasury has signaled to the market that public-facing broker firms are regulatory targets. The rational response for surviving brokers, as seen in the Operation Zero UAE front company (STS), is greater opacity, not market exit. The Atlantic Council's Mythical Beasts report documents precisely this broker chain fragmentation dynamic. A consequence is that the next Operation Zero will operate without a LinkedIn presence and a public price list, making future detection and sanction harder, not easier.
Indicators To Watch
| Indicator | Current State | Warning Threshold | Time Horizon |
|---|---|---|---|
| Crowdfense/active broker acquisition program price ceilings | $9M for zero-click iOS/Android chain (as of 2026) | Increase above $12M signals new demand entrant or platform hardening requiring richer exploit chains | 6-12 months |
| CISA KEV catalog additions per quarter | 245 additions in full-year 2025; 3 zero-days in Microsoft July 2026 Patch Tuesday | More than 75 KEV additions in a single quarter, or more than 5 actively exploited zero-days in a single vendor's patch cycle | 30-90 days |
| US government offensive cyber operation declarations | March 2026 Cyber Strategy commits to "full suite of offensive cyber operations" | Any executive order or classified directive restructuring VEP review timeline or removing NSC coordination requirement | 3-6 months |
| NSA TAO campus construction and staffing | TAO nomenclature revived July 2026; dedicated campus facility planned | Evidence of significant contractor hiring or facility expansion consistent with expanded exploit development mandate | 6-18 months |
| AI-assisted vulnerability discovery publications | LLM-guided fuzzing papers in 2025 showed 3x CVE rediscovery speed | Peer-reviewed or credible preprint demonstrating autonomous discovery of previously unknown zero-days | 12-24 months |
| Broker market fragmentation post-sanctions | Operation Zero sanctioned Feb 2026; UAE front company model documented | New broker firms emerging in Gulf, Southeast Asian, or African jurisdictions with government contract language | 6-12 months |
Near-term watch list: (1) Microsoft August 2026 Patch Tuesday, approximately August 12, will reveal whether the July 2026 record 570-flaw release reflects a structural backlog or an exceptional month; any additional zero-days in that release updates the exploitation rate baseline. (2) ODNI annual Intelligence Community Transparency Report, expected Q4 2026, contains the most recent publicly available VEP disclosure statistics and would update the retention-versus-disclosure ratio. (3) Congressional hearings on Operation Zero sanctions, which had not been announced as of mid-July 2026, would reveal whether PAIPA enforcement is a one-time action or a new enforcement paradigm for broker markets.
Decision Relevance
Scenario A (~55%): Persistent market expansion with incremental regulatory action. The zero-day market continues to grow, broker prices inflate at a sustained but somewhat reduced rate, and US and allied governments apply selective sanctions to the most visible non-NATO brokers without fundamentally reforming the VEP or addressing commercial surveillance vendor activity. If your infrastructure relies on edge devices, VPN appliances, or enterprise communication platforms, this scenario means a running baseline of active zero-day exploitation in your sector that patch-based defense alone cannot address. Deploy behavioral detection (CrowdStrike, SentinelOne) capable of identifying exploitation activity before signatures exist, and assume that any critical device running firmware older than 90 days may have an active exploit in commercial hands. If you lack that exposure, use the window to negotiate SLA commitments with major vendors around zero-day notification timelines.
Scenario B (~30%): Major stockpile leak or AI-accelerated zero-day cascade reaches critical infrastructure. A state stockpile, whether from the NSA, Chinese MSS, or a broker holding government-purchased tools, leaks or is deliberately released, producing a WannaCry-scale exploitation wave. Alternatively, AI-assisted discovery compresses the time between vulnerability identification and weaponization enough that critical infrastructure sectors face simultaneous multi-vendor zero-day exploitation. If you operate critical infrastructure or manage SCADA/OT environments, activate your incident response retainer now, not when an incident is detected; the window from exploitation to encryption in ransomware scenarios is now under one hour in observed cases. If you are a risk officer with cyber liability exposure, review policy language for "war exclusion" clauses and consult legal counsel on whether a state-leaked stockpile exploit triggering ransomware constitutes a covered event.
Scenario C (~15%): VEP reform or multilateral disclosure framework produces meaningful change. Political conditions shift, Congress passes legislation mandating disclosure timelines, or a US-led diplomatic initiative produces a non-binding framework for zero-day notification among Five Eyes partners and aligned allies. If you are a policy researcher or government advisory professional, this scenario's inflection point is the 2026 ODNI transparency report and any Congressional markup of VEP reform legislation. Begin engaging the relevant House and Senate intelligence committee staffers now; the window for input on any legislative vehicle is typically before markup, not after.
Analytical Limitations
- The gray and black markets generate very little primary-source data. Most price and volume estimates derive from a small number of disclosed transactions (Operation Zero OFAC filings, Hacking Team breach documents, Zerodium public price lists), and Zerodium disabled its website in January 2025. Current broker pricing for many categories rests on Crowdfense's published acquisition program, which may not reflect actual transaction prices.
- Government zero-day procurement occurs under classified contracts. The VEP process operates at classified levels, and ODNI's transparency reports cover broad trends without case-level detail. The number of zero-days currently held by US intelligence agencies, or by allied services, is not known from open sources; any estimate would be inference.
- The AI-assisted discovery finding rests on 2025 university research demonstrating accelerated rediscovery of known CVEs, not autonomous discovery of novel zero-days. The gap between these capabilities is material; this assessment may overstate the near-term timeline if that gap proves harder to close than current research suggests.
- The Operation Zero sanctions, as the first use of PAIPA against a foreign exploit broker, have no established precedent for measuring their deterrent effect. Whether they suppress the non-NATO broker market or accelerate its fragmentation and opacity cannot be assessed until more than six months of post-sanction market behavior is observed.
- Chinese state-sponsored zero-day capability, which Google GTIG's John Hultquist describes as a "significant zero-day development ecosystem that includes industry, academia, and government," is largely invisible to open-source analysis. China-nexus groups were the most prolific state-sponsored exploiters in 2025, but their acquisition and retention practices are not documented in the sources available for this assessment.
Sources & Evidence Base
- UngradedBalancing Zero-Day Vulnerabilities Between Operational Capability and Public Disclosure – Georgetown Security Studies Review
georgetownsecuritystudiesreview.org
- Zero-day market, the governments are the main buyers
securityaffairs.com
- Zero-day market, the governments are the main buyers - Cyber Defense Magazine
cyberdefensemagazine.com
- UngradedZero Day Brokers – Darknet Diaries
darknetdiaries.com
- Zero-Day Threats in 2026 Security Leaders Must Prepare For
ampcuscyber.com
- UngradedZero day vulnerability trade is lucrative but risky
techmonitor.ai