Google Launches Dedicated AI Bug Bounty Program with Rewards up to $30,000

Reviewed by Nidhi Govil

7 Sources


Google has introduced a new AI Vulnerability Reward Program, offering substantial rewards for identifying security flaws in its AI products. This initiative aims to enhance the security of Google's AI systems and clarify the scope of reportable issues.

Google Introduces AI-Focused Bug Bounty Program

Google has launched a new bug bounty program specifically targeting security flaws and vulnerabilities in its artificial intelligence (AI) products. This initiative, an extension of the company's existing Abuse Vulnerability Reward Program (VRP), aims to incentivize researchers and bug bounty hunters to identify and report high-impact security issues in Google's AI systems [1][2].

Source: TechRadar


Scope and Rewards

The program covers a range of Google's AI-powered products, including flagship offerings such as Google Search, Gemini Apps, and core Google Workspace applications like Gmail and Drive. Other in-scope products include AI Studio, Jules, and various AI integrations across Google's product suite [3].

Source: Dataconomy


Rewards for identified vulnerabilities can reach up to $30,000 for high-quality reports with novelty bonus multipliers. The standard top bounty for security bugs that could trigger rogue actions in a flagship product is set at $20,000. Other significant rewards include $15,000 for sensitive data exfiltration bugs and up to $5,000 for phishing enablement and model theft issues [3][5].

Categories of Vulnerabilities

Google has categorized potentially acceptable reports into several areas:

  1. Rogue Actions: Attacks that modify the state of a victim's account or data with clear security implications [1][2].
  2. Data Exfiltration: Unauthorized access to sensitive information [3].
  3. Denial of Service: Attacks that disrupt service availability [1].
  4. Prompt Injections: Malicious inputs that manipulate AI systems [2][3].

The company has provided examples of qualifying bugs, such as indirectly injecting an AI prompt that causes Google Home to unlock a door or a data exfiltration prompt that summarizes and sends someone's emails to an attacker's account [2].

Out-of-Scope Issues

Google has been careful to delineate what's not covered by the program. Content-based issues, including AI hallucinations, generating hate speech, or copyright-infringing content, are explicitly excluded from the VRP. These should instead be reported through in-product feedback channels [2][5].

Additionally, jailbreaks and issues found in Vertex AI or other Google Cloud products are not within the scope of this program and should be reported through separate channels [1][5].

Impact and Future Prospects

Since expanding its bug bounties to include AI-related issues in 2023, Google has awarded more than $430,000 to researchers. The launch of this standalone program is expected to encourage even more reports, which could be crucial as Google continues to integrate AI across its digital product suite [1][3].

Jason Parsons and Zak Bennett, Google's security engineering managers, expressed excitement about the new program, hoping it will foster increased collaboration with AI researchers and enhance the security of Google's AI systems [1][5].

Source: Analytics Insight


Conclusion

As AI technologies become increasingly prevalent, ensuring their security and reliability is paramount. Google's new AI Vulnerability Reward Program represents a significant step in engaging the wider security community to identify and address potential vulnerabilities in AI systems, ultimately contributing to safer and more robust AI products for users worldwide.

TheOutpost.ai


© 2025 Triveous Technologies Private Limited