I think GP is suggesting an insider could introduce a bug, have a confederate "find" it, and split the money. At $5m I think more than a few big tech employees might decide to write themselves a new minivan.
I think you'd have a tough time deliberately putting something like that in at a large company. The cost of failure is losing a very good job.
If you discovered a vulnerability and sat on it for a future payout that would be more likely, yet still risky.
Though it does come down to choosing to do crimes in the face of incentives and disincentives. Nothing unique here - humans break the rules all the time.
It's trivial for a motivated engineer to deliberately introduce bugs, most couldn't avoid it if they tried. It wouldn't be too hard to pass it off as an honest mistake either. You might not even lose your job, as a lot of places have a "blameless culture".
If you discovered a vulnerability and sat on it for a future payout that would be more likely, yet still risky.
Though it does come down to choosing to do crimes in the face of incentives and disincentives. Nothing unique here - humans break the rules all the time.