A New Era of Cyber Threat Intelligence Begins
In a move that could redefine how cybersecurity professionals confront pre-attack threats, Desired Effect has officially launched the Desired Effect Marketplace—the industry’s first ethical market for vulnerability and exploit intelligence. The platform enables organizations and independent security researchers to trade in zero-day exploits legally and transparently, offering defenders immediate pre-attack insight and researchers the compensation and recognition they have long been denied.
Announced just ahead of the RSA Conference 2025, this launch signals a strategic shift in the exploit economy, which has long operated in the shadows, tipping the scales of advantage away from attackers and into the hands of defenders.
Empowering Defenders with Actionable Intelligence
At the core of Desired Effect’s proposition is its ability to provide defenders with early access to intelligence on zero-day vulnerabilities tailored to their unique technology stack. Through its marketplace and cyber threat intelligence (CTI) feed, subscribers can detect and address vulnerabilities before they’re weaponized.
“We deliver disruptively superior intelligence feeds because we get closer to the source,” said Evan Dornbush, CEO and founder of Desired Effect, and a former NSA cybersecurity expert. “We elicit and leverage cutting-edge research by providing a platform for researchers to ethically sell exploits to vetted buyers.”
The platform gives security teams the option to buy exploit IPs directly or pool resources with others for shared protection—ushering in a model that crowdsources defense instead of relying on retrospective threat reporting.
A Win for Researchers and the Ethical Hacking Community
Independent researchers often serve as the silent backbone of the cybersecurity industry, discovering critical vulnerabilities with little recognition or reward. Desired Effect seeks to change that paradigm. Through its marketplace, researchers can set their own terms—pricing, intellectual property rights, buyer criteria, and whether to receive public acknowledgment for their discoveries.
“We forget,” Dornbush wrote in a recent blog post, “this entire industry—every single penny in the $3 trillion marketplace—exists because of the vulnerability research community. All of it. Built on the backs of that one kid who decides not to believe the hype.”
For the first time, this community has a platform that treats their contributions as assets worthy of protection and compensation. The marketplace enables researchers to retain control over their intellectual property while also deciding how and when their discoveries are shared.
Reframing Cybersecurity Intelligence
Desired Effect’s innovation challenges the traditional definitions of cyber threat intelligence and vulnerability management. One investor put it plainly: “Cyber threat intelligence and vulnerability management are focused on understanding and mitigating potential IT risks by sharing past and present threat behavior. Desired Effect lets organizations understand pre-emergent threats—reframing these cybersecurity categories.”
By unlocking visibility into threats that haven’t yet been weaponized, defenders gain a decisive advantage. They can harden systems, alert technology vendors early, and even remove exploits from circulation entirely. This shift moves the cybersecurity posture from reactive to proactive in a meaningful, measurable way.
Undermining the Attacker’s Advantage
Historically, attackers have enjoyed both the first-mover advantage and access to cheap exploits on shadowy dark web markets. That dynamic, Dornbush argues, has unfairly tilted the playing field.
“Over the last decade, exploits have been readily available, cheaply and without competition, in sketchy shadow markets, allowing criminals with marginal skill and budget to amass fortunes using cheap exploits, putting both defenders and researchers at a disadvantage,” he said. “The Desired Effect Marketplace upends that dynamic by allowing those most likely affected by exploits—i.e., the defenders—to achieve the earliest threat intelligence possible.”
By increasing the cost of access to critical attack tooling and limiting its availability to malicious actors, the marketplace undercuts the foundation of cybercrime’s economic model.
How the Marketplace Works
For Defenders:
Organizations subscribe to access a tailored intelligence feed that highlights vulnerabilities relevant to their specific environment. Defenders can purchase exclusive access to zero-day exploits or form buying pools with other vetted organizations to acquire and neutralize them. This immediate insight allows for real-time patching and remediation before exploitation can occur.
For Researchers:
Desired Effect introduces a transparent and ethical avenue for researchers to monetize their work. Unlike traditional bounty programs or unregulated black markets, the marketplace gives them autonomy. They determine pricing, licensing terms, and visibility preferences, helping them maintain control over their work and its impact.
For Vendors:
The platform serves as an early warning system for technology vendors, allowing them to address security issues long before adversaries can exploit them. Vendors are also invited to participate as subscribers, enabling better alignment of product development cycles with threat awareness.
For Attackers:
In Dornbush’s words: “It doesn’t.”
Early Feedback Signals High Value
The Desired Effect Marketplace has already garnered interest from major enterprises across finance, accounting, and crypto sectors. Among its early customers are one of the “Big Four” accounting firms, a $200B bank holding company, and a global cryptocurrency exchange.
One client remarked: “The pain of threat intel is that it’s damn near impossible to make operational. When you get something from Desired Effect, you know it’s actionable, not academic.”
Another added: “Your marriage of market data and the capability of the exploit against a customer’s unique environment is a special and valuable offering.”
Disrupting with Ethics and Intelligence
Desired Effect isn’t just a cybersecurity company—it’s a challenge to the status quo. It legitimizes the discovery of exploits, realigns incentive structures, and builds a transparent economy around one of the most sensitive parts of the cyber defense lifecycle.
As the company emerges from stealth, it brings with it not just new tools but a new philosophy. They normalize the research, discovery, and procurement of zero-day exploit data. It’s time to bring researchers out of the shadows and into the spotlight—fairly compensated, appropriately credited, and working alongside defenders.
Conclusion: A Marketplace with the Desired Effect
The Desired Effect Marketplace represents a bold and necessary leap forward in cybersecurity. By creating a legal, ethical, and transparent market for exploit intelligence, it empowers defenders to act before attackers do, compensates researchers fairly for their discoveries, and deals a significant blow to the exploit black market.
As the cybersecurity community continues to grapple with increasingly sophisticated threats, the Desired Effect model may just prove to be the most impactful innovation since the advent of threat intelligence itself.To learn more, visit: www.desiredeffect.io
Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Instagram, and LinkedIn.