Motherboard:

The startup is called Crowdfense and is based in the United Arab Emirates. In an unusual move in the normally secretive industry of so-called zero-days, Crowdfense sent out a press release to reporters on Tuesday, advertising what it calls a bug bounty.

And:

Crowdfense’s director Andrea Zapparoli Manzoni told me that he and his company are trying to join that market, purchasing zero-days from independent researchers and then selling them to law enforcement and intelligence agencies.

And:

“When I think about government agencies I don’t think about the military part, I think about the civilian part, that works against crime, terrorism, and stuff like that,” Zapparoli told me in a phone interview. “We only focus on tools aimed at doing activities of law enforcement or intelligence, not aimed at destroying or deteriorating the functionality and effectiveness of the target systems—but only aimed at collecting intelligence.”

And:

The company has a budget of $10 million for this “bug bounty.” Its backers, for now, are also secret.

The mind reels. Unless I misread this piece, no part of their plan is to share any discovered vulnerabilities with Apple. This is straight, help us break the system, not make it better.

“Vetting customers is the most delicate part of our whole activity,” Zapparoli said.

I’m going to go out on a limb and guess that your customer list will remain a secret as well. This whole thing is chilling to me.