
In general, no.

Two aspects. The first is client vetting - such organizations (I have in mind a particular organization that's not NSO but also has products which rely on RCEs) simply don't sell at all to random companies - I'm not sure if they sell to companies at all, as all the published cases have been from the government sector, but in any case they already know all the potential clients they might have; it's not like there are many of them in the world. And it's not trivial for Apple to falsely pose as, for example, the intelligence agency of Bolivia in a way that's not easily discovered. Also, in the specific case of NSO, every new client will likely require approval from the Israeli government for the 'arms' export license, and is likely to be vetted by Israeli intelligence agencies, which are considered to be quite competent.

The second aspect is that such organizations generally are very wary of actually giving access to RCEs themselves - in many cases they will sell access to the use of RCEs, where the buyer won't get the ability to get the exploit but rather the seller will run the exploit themselves. Of course there are exceptions, but any less trustworthy clients (e.g. if selling to some USA local law enforcement which realistically aren't as secure as the FBI) simply won't get the opportunity to compromise the 'goose that lays golden eggs'.



Re your second point: you don’t need access to the RCE itself; you could say "I want to hack XXX phone number", where XXX is a honeypot, and try to reverse engineer it from there.



