Apple has expanded its bug bounty program by doubling the maximum reward to $2 million for reporting zero-click remote compromise vulnerabilities, with potential payouts exceeding $5 million through bonuses. The program, which has awarded $35 million since its inception in 2020, also introduces new categories and increased rewards for various types of attacks, aiming to incentivize security researchers to report critical vulnerabilities. Additionally, Apple plans to distribute secured iPhone 17 devices to civil society organizations at risk of spyware attacks in 2026.

Microsoft awarded $17 million to 344 security researchers in the past year through its bug bounty programs, marking the highest annual payout since the programs began in 2018. The total amount distributed across all years now reaches $92.5 million, with ongoing updates to enhance program coverage and align with emerging security challenges.

HackerOne has disbursed $81 million in bug bounties over the past year, reflecting a 13% year-over-year increase. The demand for AI security has surged, with AI vulnerabilities rising by over 200%, while traditional vulnerabilities like XSS and SQL injection are declining. A significant number of researchers are now utilizing AI tools to enhance their security testing efforts.