They recruit people who were trained to find exploits, it’s less about having the best programmers and more about having people with a specific set of learned skills and dedicating them to this task.
I would be surprised if their core iOS research team is much more than 10 or so people at any given time.
They also probably use brokers and buy at least some of the exploits they use from freelancers if they offer ~7 figures for a zero click exploit a lot of freelancers will be working on this too.
It’s just like any bug bounty program, internally you run a small and dedicated team and externally you pay enough to entice freelancers to spend their free time on your systems to scale it further.
I would be surprised if their core iOS research team is much more than 10 or so people at any given time.
They also probably use brokers and buy at least some of the exploits they use from freelancers if they offer ~7 figures for a zero click exploit a lot of freelancers will be working on this too.
It’s just like any bug bounty program, internally you run a small and dedicated team and externally you pay enough to entice freelancers to spend their free time on your systems to scale it further.