Google Launches $30,000 AI Security Bounty Program to Tackle Emerging Threats

By Gaurav Sharma

Published: Wednesday, October 8, 2025, 19:51 [IST]

Add as a preferred source on Google

Google has announced a new initiative aimed at strengthening the security of its artificial intelligence systems, offering researchers lucrative rewards for uncovering vulnerabilities. Under the newly launched AI Vulnerability Reward Program (AI VRP), ethical hackers can earn up to $30,000 (₹26.6 lakh) for identifying serious flaws that could compromise Google's AI-powered products.

The program provides a base reward of $20,000 (₹17.75 lakh), with an extra $10,000 (₹8.9 lakh) for highly innovative or high-impact discoveries. Eligible products include Google's major AI-integrated services such as Gemini, Search, Gmail, and Drive. Reports can be submitted through the company's official Bug Hunters platform.

However, Google clarified that AI hallucinations-where a model produces incorrect or nonsensical outputs-or instances of undesirable content generation will not qualify for rewards. Instead, such issues should be reported via the in-product feedback channels.

Focus on High-Impact Security Flaws

The company has listed specific categories of reportable vulnerabilities, including indirect prompt injections, data exfiltration, and phishing exploits that could lead to unauthorized access or data theft. Examples include commands that might manipulate Google Home devices or expose sensitive user data like emails or financial information.

Other eligible issues include context manipulation, access control bypasses, cross-user denial-of-service (DoS) attacks, and unauthorized product usage. Lower-severity bugs, such as standard DoS vulnerabilities, carry rewards starting at $500.

Tiered Rewards by Product Category

Google has structured payouts according to the product's criticality. Core products such as Search and Gmail qualify for the highest rewards-up to $20,000-while tools like AI Studio and NotebookLM offer up to $15,000. Lesser-used applications cap rewards at $10,000.

Over the past two years, Google has paid out roughly $430,000 to AI security researchers through earlier experimental reward programs. In 2024 alone, its broader Vulnerability Reward Program distributed nearly $12 million in payouts across all security domains.

AI Security Gets Smarter

Complementing the new bounty initiative, Google has also introduced CodeMender, an AI-driven tool capable of automatically patching vulnerable code. The company says this addition will help improve response times and reduce exposure to potential cyber threats.

Through these efforts, Google aims to build a more resilient AI ecosystem while encouraging the global research community to contribute to safer and more transparent AI technologies.