Updated: This article was updated August 5 with confirmation from Apple on a few points.

An Apple security chief unexpectedly announced the company will pay for vulnerabilities found in certain aspects of iOS and iCloud. The program will launch in September by invitation only for a few dozen researchers with whom Apple has an existing strong relationship, and payouts will be based on severity and category. The top fees across five areas range from $25,000 to $200,000, but could be much lower. The announcement came during a presentation by Ivan Krstić, Apple’s head of security engineering and architecture, at the Black Hat security research conference in Las Vegas.

The presentation also included a level of technical detail and disclosure of security—here, related to AutoUnlock, HomeKit, and iCloud Keychain—that has been mostly absent in the past at conferences, according to those present.

The fees offered aren’t enough to deter those merely in it for the cash, as major flaws can command cash from malicious and legitimate parties alike that far exceeds Apple’s top rates. But it could help convince researchers to disclose problems to Apple and remain mute until the bugs are patched. In some instances in the last few years, those who had discovered exploits went public after they decided sufficient time had passed without Apple providing updates.

Most of Apple’s competitors for customers and eyeballs already run so-called bug bounty programs, in which researchers or hackers turn over what they know in exchange for a fee, usually paid in cash, and keeping quiet until fixes ship. Some sponsor hacking events, paying out in cash, equipment, or both for achieving a goal, like breaking out of a browser sandbox designed to contain malicious software from the rest of a system. Amazon now remains the exception among large Internet firms.

Today Apple introduced a bug bounty program with maximum payout of $200,000. Will go live in Sept. #BlackHat2016 pic.twitter.com/Zo4iDO5Ybw — Robert McMillan (@bobmcmillan) August 4, 2016

Krstić listed five categories of bugs and the top fee paid for each, although Apple said later that exceptional critical vulnerabilities that aren't listed will be considered. Those who attended say that macOS isn’t yet covered as part of the program.

Secure boot firmware components ($200,000 cap)

Extraction of confidential material protected by the Secure Enclave Processor ($100,000 cap)

Execution of arbitrary code with kernel privileges ($50,000 cap)

Unauthorized access to iCloud account data on Apple servers ($50,000 cap)

Access from a sandboxed process to user data outside of that sandbox ($25,000 cap)

Each of these aspects represents key vectors for attack by governments and criminals alike. While iOS has never had exploits spread significantly in the wild, jailbreaking software has made use of various methods of running arbitrary code. In a separate Black Hat presentation, the makers of the Pangu jailbreak for iOS 9 (fixed in 9.2) described how they achieved that kind of code execution.

So far, there’s been no known extraction of data from Secure Enclave, the dedicated hardware in iOS devices with an A7 or newer process that acts as a one-way valve to store fingerprint characteristics and certain data associated with Apple Pay. It’s also used to prevent downgrading iOS to exploit a bug in a previous release.

While iCloud accounts have been compromised in the past through certain weak password entry endpoints and social engineering of celebrity accounts, there’s been no reported breach of iCloud servers.

Those invited to apply to the program will have to provide a proof of concept that works on current software and hardware. Bounties will be based on a combination of factors, as with other corporate bug programs, such as how much interaction is required from a user to trigger it, the exploit’s severity, how novel it is compared to previously known issues, and how clearly the flaw is described.

Apple has also offered a bump to bug finders who want to donate their awards to charity. At its discretion—potentially to avoid supporting charities at odds with its image or public stances—Apple will match donated awards dollar for dollar.

Security researcher Rich Mogull, a contributor to Macworld and other Apple-focused publications, noted in a post on his company’s blog that Apple will consider adding those who discover bugs but haven’t been invited to the bounty program; Apple confirmed this for Macworld. Apple won’t publish a list of invitees, he writes, but those participating are free to disclose it. This approach is clearly intended to reduce the volume of reports and keep the quality high. Apple has long accepted bug reports without the potential of compensation, and that continues. Apple says that it plans to try to bring more researchers into the program in the future.

Apple began to acknowledge researchers who conformed to its advance disclosure and testing rules several years ago and includes their name and company affiliation (if any) in security updates. Apple withholds credit and sometimes publishes those who work outside its guidelines, most prominently suspending Charlie Miller, who had previously discovered many flaws, from its developer program in 2011 after he had an app approved in the App Store with a proof-of-concept flaw embedded.

Bugs pay big on gray and black markets, with criminal syndicates and government agencies sometimes vying for the same exploit before it’s found and patched. These so-called zero-day bugs, ones that aren’t patched before they’re used to exploit a weakness, allow malicious and legitimate parties alike ways to crack servers, operating systems, and sometimes individual computers and mobile devices. Effective cracks can go for tens of thousands of dollars, with reports putting the top rate at a million dollars.

The Department of Justice dropped its attempt to force Apple to create a specialized version of iOS that would allow the FBI to attempt to crack a work-provided iPhone used by San Bernardino mass-killer Syed Rizwan after it obtained a bypass from a third party.

Fees at other companies range from a starting point from $100 to $500, and are capped at from $20,000 at Google to $100,000 at Microsoft. Some companies don’t have an announced cap, and may offer far higher fees for major exploits.