Google is investing significantly in AI safety. The tech company has introduced a new AI bug bounty program that offers rewards of up to $30,000 for security researchers who reveal critical vulnerabilities in its AI-driven products, including Search, Gemini Apps, Gmail, and Workspace tools. This initiative represents a significant extension of Google’s existing Vulnerability Reward Program (VRP), focusing on the emerging field of AI security rather than just traditional software bugs. The company aims to involve cybersecurity professionals and ethical hackers in identifying flaws that could lead to harmful actions, such as AI behaving unpredictably or dangerously. Google is particularly focused on mitigating risks related to AI leaking personal information, executing unintended commands, or enabling attacks on connected smart devices.
For example, if an attacker manages to deceive Google Home into unlocking a door or causes Gmail to summarize private emails for unauthorized recipients, these would be classified as high-severity exploits under the new program. However, Google stated that AI hallucinations, where an AI produces incorrect or nonsensical outputs, are not considered bugs eligible for rewards. Similarly, issues regarding offensive or copyright-infringing AI-generated content should be reported via product feedback channels instead of the reward program. Google emphasizes that such feedback is valuable for enhancing its AI safety teams’ ability to refine and retrain models to minimize harmful outputs effectively.
Concerning payouts, the highest rewards—up to $20,000—are designated for vulnerabilities found in key AI products like Search, Gemini, Gmail, and Drive. Reports showcasing exceptional creativity or technical acumen may receive an additional bonus, raising the total reward to $30,000. Lesser yet still significant rewards will be available for researchers identifying weaknesses in other tools like NotebookLM or Google’s experimental AI assistant Jules. Google states that this initiative is part of its broader strategy to strengthen AI security as the technology becomes increasingly integrated into daily tools and workflows. The company disclosed that security researchers have already earned over $430,000 in the last two years for identifying AI-related issues even before the official launch of this program.
Concurrently, Google has also unveiled CodeMender, an AI-driven tool designed to automatically detect and rectify security vulnerabilities in open-source software. Functioning as an “AI fixing AI” system, CodeMender has already addressed more than 70 confirmed vulnerabilities, each validated by human security experts. By merging human skill with intelligent automation, Google aims to enhance the resilience of its AI ecosystem against emerging cyber threats. With this new reward initiative and tools like CodeMender, the company underscores its dedication to fostering a safer and more transparent future for artificial intelligence.