Intel said that 91% of the reported bugs in 2019 were due to its investment in product assurance.
It's quite some PR spin for Intel to take credit for all of the bugs reported through their Bug Bounty program. I expect a majority of those were from researchers who would've disclosed the bugs, anyhow, but are quite willing to take any payment on offer.
Much respect to those who declined payment (although some might've been government agencies or big customers, who wouldn't be allowed to take what are effectively vendor kickbacks).
It also noted that none of the 236 vulnerabilities uncovered in 2019 were known to be used in attacks at the time of public disclosure.
Probably because these exploits are more difficult to find & utilize, leaving them as targets for governments & their contractors, who are more secretive and selective about their targets.