Zero-day brokers offer 10-50x more than bug bounties, draining researchers from defense to offense
cybersecurity, finance, regulation
Zerodium's published price list tops out at $2.5M for an Android full chain (zero-click, with persistence) and $2M for the equivalent iOS chain, while Apple Security Bounty's top tier for a zero-click kernel code execution chain with persistence was $1M when the public program launched in 2019, with the lower tiers paying tens of thousands to a few hundred thousand dollars. The gap at the very top of the table is therefore closer to 2x than the 12x sometimes derived by setting current broker prices against Apple's pre-2019 invite-only ceiling of $200K, but the incentive it creates is real: a researcher holding a reliable full chain can expect more from the broker market, and a broker sale forecloses the bounty, since the same bug cannot be sold to both. The result is that the most capable exploit developers rationally choose the broker market, leaving defenders with lower-severity reports.

Two caveats apply when comparing the numbers. Broker figures are "up to" amounts paid only for a reliable, weaponized chain delivered under an exclusivity agreement, which is months of engineering beyond the proof of concept a bounty accepts; and a bounty payout comes with credit, disclosure and a patch, whereas a broker payment buys silence. The gap persists because defensive bug bounties are funded from security budgets under ROI pressure, while the end buyers on the offensive side (largely government intelligence and law enforcement agencies) pay from classified budgets with no comparable cost constraint. Parity is unlikely: a vendor gains nothing from exclusivity beyond what any report already gives it, so its willingness to pay is capped by the cost of finding or absorbing the bug itself, while the offensive buyer's willingness to pay scales with the operational value of access that exists only while the bug stays unpatched.
Evidence
https://zerodium.com/program.html