Feb 16, 2026 · 5 min read

A US Defense Contractor's Boss Stole 8 Zero-Day Exploits and Sold Them to Russia for Crypto

Peter Williams, the former general manager of L3Harris subsidiary Trenchant, pleaded guilty to stealing eight zero-day exploit kits and selling them to a broker who supplied the Russian government. The DOJ is seeking nine years in prison.

The Case

Peter Williams, a 39-year-old Australian national, was the general manager of Trenchant, a hacking and surveillance tools company owned by U.S. defense giant L3Harris. Between 2022 and 2025, Williams stole eight zero-day exploit kits from his own company and sold them to a Russian broker in exchange for more than $1.3 million in cryptocurrency.

In October 2025, Williams pleaded guilty to two counts of theft of trade secrets. The Department of Justice revealed the full scope of the case in a sentencing memorandum filed in February 2026, requesting that Williams serve up to nine years in federal prison.

What Are Zero-Day Exploits

A zero-day exploit targets a software vulnerability that the manufacturer does not yet know about. Because there is no patch available, every device running the affected software is vulnerable. Zero-days are the most valuable weapons in offensive cyber operations because they guarantee access to systems that believe they are fully updated and secure.

Governments and intelligence agencies pay millions for reliable zero-day exploits. On the legitimate market, companies like Trenchant develop these tools for use by authorized law enforcement and intelligence agencies. On the black market, they go to whoever is willing to pay.

Who Bought Them

The DOJ identified the buyer as a Russian broker who "regularly provided exploits to the Russian government." The department stated that Williams' actions "made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world."

In practical terms, this means that Russian intelligence or military operations may have used American-developed hacking tools to compromise targets that could include government networks, critical infrastructure, military systems, or the personal devices of journalists, activists, and political opponents.

The Scale of Damage

The DOJ estimated that Williams caused more than $35 million in losses to L3Harris and Trenchant. But the financial damage to his employer is the smaller concern. The strategic damage is far greater.

Eight zero-day exploit kits represent eight different ways to silently break into computer systems that their owners believe are secure. The DOJ stated the exploits were "capable of accessing millions of computers and devices" worldwide. Once a zero-day is sold to an adversary, it can be used until the vulnerability is independently discovered and patched, which can take months or years.

The DOJ characterized Williams' actions as "a betrayal of his employer and the US government" that caused "significant harm to US national security."

The Sentencing

Prosecutors are requesting:

  • Up to 108 months (nine years) in federal prison
  • Three years of supervised release
  • Mandatory restitution of $35 million
  • A maximum fine of $250,000
  • Deportation to Australia after serving his sentence

Williams is scheduled to be sentenced on February 24, 2026.

The Insider Threat Problem

This case illustrates one of the most difficult challenges in cybersecurity: the insider threat. Williams was not an outside hacker. He was the general manager of the company, with authorized access to its most sensitive products. The tools he stole were developed for legitimate use by Western governments, and he turned them over to a geopolitical adversary.

The exploit trade exists in a gray zone where companies sell offensive capabilities to governments under export controls and licensing agreements. When an insider bypasses those controls, the entire framework collapses. The exploits do not become less dangerous because they were stolen rather than sold through official channels.

Why This Matters

Every device you use runs software that contains vulnerabilities its manufacturer has not yet found. Zero-day exploits target exactly those vulnerabilities. When eight of them are handed to a government with a documented history of offensive cyber operations, the risk extends to anyone whose devices run the affected software.

The Williams case is a reminder that the biggest threats to digital security do not always come from anonymous hackers. Sometimes they come from the people who build the tools meant to protect us.