In October 2023, Google announced significant updates to its Vulnerability Reward Program (VRP), specifically targeting AI products. The new AI Vulnerability Reward Program (AI VRP) aims to foster third-party discovery and reporting of security and abuse issues in Google’s AI systems. As the program enters its second year, Google is reflecting on the successes, lessons learned, and the enhanced rules designed to streamline AI bug reporting and reward high-impact findings.
Google’s integration of AI vulnerabilities into its existing Abuse Vulnerability Reward Program has proven highly successful. By inviting external researchers to identify and report bugs, Google has strengthened collaboration with the AI research community. Researchers have uncovered critical AI security issues, contributing to Google’s layered AI security strategy. Since the inception of AI-specific rewards, bug hunters have earned over $430,000 for reporting AI product vulnerabilities. This approach not only keeps users safe but also incentivises researchers to focus on high-impact AI threats.
AI bug bounty boost: Google AI VRP clarifies scope and rewards
Despite the program’s early success, Google received feedback highlighting areas for improvement. Many researchers found the scope of AI rewards unclear. In response, Google has updated the AI VRP rules, offering detailed guidance on which vulnerabilities qualify for rewards.
Another challenge involved the treatment of AI-related abuse issues. Previously handled separately, abuse and security issues are now unified under a single reward table. A consolidated reward panel reviews all submissions to ensure the highest possible reward is issued across abuse and security categories. This change helps researchers prioritise targets with the greatest impact.
Content-related AI issues: Why jailbreaks and prompt injections fall outside Google AI VRP
Google has also clarified how content-related issues, including jailbreaks, prompt injections, and alignment problems, should be reported. While researchers are encouraged to report these issues, they are considered out-of-scope for the AI VRP.
The reason is simple: content-based vulnerabilities require long-term, cross-disciplinary solutions that involve trend analysis, model retraining, and user context evaluation. These needs do not align with the VRP’s goal of providing timely rewards to individual researchers. Instead, content-related issues should be reported in-product, enabling AI safety teams and model experts to address them effectively.
Google AI VRP scope updated: Key security and abuse vulnerabilities now clearly defined
The updated AI VRP now clearly defines eligible vulnerabilities under security and abuse categories, with six primary types of attacks in scope:
Security Issues:
Abuse Issues:
Google AI VRP introduces product tiers with rewards up to $30,000 for top findings
To focus efforts on the most impactful AI issues, Google has introduced AI-specific product tiers:
Flagship Products: Google Search, Gemini Apps (Web, Android, iOS), Gmail, Drive, Meet, Calendar, Docs, Sheets, Slides, and Forms.
Standard Products: AI Studio, Jules, and non-core Google Workspace applications such as NotebookLM and AppSheet.
Other Products: Other AI integrations, excluding certain acquisitions and open-source projects.
Rewards are substantial, with base payouts up to $20,000, and bonuses for report quality and originality increasing potential rewards to $30,000. Top-tier findings in flagship products like Google Search or Gmail carry the highest reward potential, incentivizing researchers to focus on critical systems.
How to report Google AI vulnerabilities
Visit the official AI VRP guide to understand which vulnerabilities qualify for rewards, including security and abuse categories:
Look for rogue AI actions, sensitive data leaks, phishing enablement, model theft, or context manipulation (cross-account attacks). Ensure your findings are reproducible and have a clear impact.
Create a detailed report explaining the vulnerability, steps to reproduce it, potential risks, and suggested fixes. Include screenshots or videos if applicable.
Use the official submission portal to submit your report securely. Make sure to follow all guidelines for reporting AI vulnerabilities.
Your submission will be reviewed by Google’s consolidated reward panel. High-impact and original reports may earn rewards up to $30,000, depending on severity, originality, and potential impact.
Google expands AI bug bounty to reward ethical hackers and researchers
By launching the dedicated AI Vulnerability Reward Program, Google underscores its commitment to AI safety and security. The program not only encourages external researchers to expose potential exploits but also reinforces Google’s proactive approach to managing AI risks.
Examples of qualifying vulnerabilities include rogue prompts triggering smart home exploits, unauthorized access to sensitive data, and cross-account manipulations. However, issues like model hallucinations, hate speech, or copyrighted material should continue to be reported through in-product feedback channels. Since 2022, AI bug hunters have earned over $430,000 for identifying vulnerabilities across Google platforms. With the AI VRP’s enhanced scope, higher rewards, and clear guidelines, Google aims to continue strengthening AI security while incentivizing ethical hacking and collaboration with the research community.