Article Details

Original Article Text


Google's new AI bug bounty program pays up to $30,000 for flaws.

This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems.

The new bug bounty program focuses on the most impactful issues in the highest-profile AI products, including but not limited to Google Search (on google.com), Gemini Apps (Web, Android, and iOS), and Google Workspace core applications (e.g., Gmail, Drive, Meet, Calendar, and others). Other in-scope products include AI features in high-sensitivity Google AI products, such as AI Studio and Jules, as well as Google Workspace non-core apps and other AI integrations in Google products.

The rewards for vulnerabilities can reach up to $30,000 for quality reports with novelty bonus multipliers, while a standard security flaw report detailing security bugs that could trigger rogue actions in a flagship product comes with a top bounty of up to $20,000. Researchers can also get a $15,000 award for sensitive data exfiltration bugs, and up to $5,000 for phishing enablement and model theft issues.

"In October 2023, we announced Google's reward criteria for reporting bugs in AI products, extending our Abuse Vulnerability Reward Program (VRP) to foster third-party discovery and reporting of issues and vulnerabilities specific to our AI systems," Google said. "As we celebrate the second year of AI bug bounties at Google, we're excited to discuss what we've learned, and to announce the launch of our new, dedicated AI Vulnerability Reward Program!"

In March, the company also announced that it had awarded almost $12 million in bug bounty rewards to 660 researchers who discovered and reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024. Google has awarded $65 million in bug bounties since its first vulnerability reward program went live in 2010, with the highest reward paid last year exceeding $110,000.
One year earlier, in 2023, the search giant also paid $10 million to 632 researchers for responsibly reporting security flaws in its products and services.

Daily Brief Summary

VULNERABILITIES // Google Launches AI Bug Bounty Program with $30,000 Top Reward

Google has introduced an AI Vulnerability Reward Program, incentivizing security researchers to identify and report flaws in its AI systems, with rewards reaching up to $30,000.

The program targets significant vulnerabilities in high-profile AI products, including Google Search, Gemini Apps, and Google Workspace core applications like Gmail and Drive.

In-scope products also encompass AI Studio, Jules, and various AI integrations, reflecting Google's focus on safeguarding its AI ecosystem.

Reward tiers include $20,000 for major security bugs, $15,000 for data exfiltration issues, and $5,000 for phishing and model theft vulnerabilities.

This initiative extends Google's existing Vulnerability Reward Program, aiming to enhance third-party discovery and reporting of AI-specific security issues.

Google has a history of rewarding researchers, having awarded $65 million in bug bounties since 2010, with $12 million distributed in 2024 alone.

The program's launch marks a strategic effort to bolster AI security and encourage responsible disclosure from the global research community.