Google has launched a new AI Vulnerability Reward Program (AI VRP), offering researchers up to $30,000 (₹26.6 lakh) for finding security flaws in its AI systems. The program covers products like Gemini, Google Search, Gmail, and Drive.
The base reward is $20,000 (₹17.75 lakh), and Google will pay an extra $10,000 (₹8.9 lakh) for exceptional or novel reports. Researchers can submit their findings through the Google Bug Hunters website.
However, not every bug counts. Google made it clear that simply making an AI model hallucinate or produce unwanted text won’t qualify. Instead, the program targets vulnerabilities with real security risks.
Valid categories include:
-
Rogue actions: e.g., indirect prompt injection that could unlock a smart door.
-
Sensitive data leaks: exposure of emails, addresses, or financial details.
-
Phishing risks: flaws that help attackers trick users.
-
Model theft: stealing proprietary AI model details.
Other accepted issues involve access control bypass, unauthorized use, or denial of service. Rewards range from $500 for minor issues to $20,000 for critical bugs.
Google has already paid $430,000 to AI researchers in two years through earlier test programs, and nearly $12 million last year across all bug reports.
