Google has unveiled a new AI-focused bug bounty initiative, meaning hunters can earn up to $30k by identifying and reporting vulnerabilities within the company’s AI systems.
The program targets high-impact flaws across Google’s most prominent AI offerings, including “flagship” products Google Search, Gemini Apps, and core Workspace applications such as Gmail, Drive, Meet, and Calendar.
The program offers tiered rewards depending on the severity and novelty of the reported issue. Rogue actions in flagship products can earn researchers up to $20,000, with bonuses for exceptional reports bringing the maximum payout to $30,000. Sensitive data exfiltration bugs qualify for $15,000, while smaller issues such as phishing enablement or model theft carry rewards of up to $5,000.
Other eligible products include AI-driven features in sensitive platforms like AI Studio and Jules, as well as non-core Workspace apps and additional AI integrations across Google services.
Since Google began focusing its Vulnerability Reward Program on AI systems, SecurityWeek reports that Google has paid out over $430,000 for AI-related findings. In 2024 alone, Google distributed nearly $12 million to 660 security researchers through its broader Vulnerability Reward Program, which has paid a total of $65 million since its inception in 2010.
The program clarifies that not all AI anomalies qualify for payouts. Issues related to content generation (such as hate speech or copyright infringement) should be reported through the standard feedback channels.
Reward Amounts
This table from Google outlines how their most common classes of bugs are classified and rewarded, with further sections describing how these rewards may be amended based on factors such as the quality of the submission and other considerations.
In parallel with the new bounty program, Google also announced CodeMender, an AI-driven tool designed to patch vulnerable open-source code. The company says the tool has already produced 72 security fixes, each accepted after human review, within the previous six months, some of them in codebases as large as 4.5 million lines of code.
The initiative highlights the ongoing challenge of securing AI systems against exploitation, particularly when flaws could trigger harmful or unauthorized actions in widely used applications.