Google has launched a new AI Vulnerability Reward Program (VRP), which is offering base rewards of up to $30,000 for bugs identified in the tech firm’s AI products.
The bug bounty program aims to simplify the reporting process for researchers by moving AI-related issues previously covered by Google’s Abuse VRP to the new AI VRP.
Bug hunters have earned over $430,000 in AI-product related rewards since the Abuse VRP program was created, according to a Google blog published on October 6.
The top base reward for the AI VRP is $20,000 for a high-tier AI product flaw. With report multipliers applied, which are the same as those used in its other VRPs, the program could pay up to $30,000 for a single issue.
Google defines AI-related issues as those issues where interaction with a large language model (LLM) or other generative AI (GenAI) system, such as a natural language interaction, is an integral part of the vulnerability or abuse issue.
The company has outlined a number of qualifying vulnerabilities including, but not limited to, rogue actions, sensitive data exfiltration, phishing enablement and model theft.
The firm noted that reports must be verified by the reporter and demonstrate a clear in-scope threat, risk or vulnerability in plain language.
Scope to Include Flagship Products Like Search, Gemini and Workspace
Products in scope of the AI VRP include Google Search, Gemini Apps and Google Workspace applications like Gmail, Drive, Sheets and Calendar. These are classed as Google’s flagship products and offer the highest rewards.
The AI VRP has been developed on the back of feedback from researchers who took part in the Abuse VRP.
As well as clarifying the scope of AI rewards, Google has created a single reward table for abuse and security issues.
Going forward, a unified reward panel will review all reported security issues and will issue the highest reward possible across the abuse and security tables.
“We hope that these changes help our valued researchers focus on the highest-impact (and highest-reward-value!) targets,” the company’s blog stated.
While prompt injections, jailbreaks and alignment issues remain concerns for AI products, these faults will be out of scope of the AI VRP.
Google said that while it “cares deeply” about these issues, it does not believe the VRP is the correct format for addressing content-related issues.
Instead, the company encourages researchers to use Google’s AI in-product functionality for reporting content-based issues.
The reward amounts have been outlined in Google’s blog, and the company noted that researchers who do not wish to receive a cash payment can instead donate the reward to a charity of their choice. Google has offered to double such donations.
Any rewards unclaimed after 12 months will be donated to a charity of Google’s choosing.