Google Launches AI Bug Bounty Program Offering Up to $30,000 Rewards for Security Flaws

Google has launched a new AI-focused bug bounty program offering rewards of up to $30,000 to security researchers who identify critical vulnerabilities in its AI-driven products, including Search, Gmail, Gemini Apps, and Workspace tools. The program targets "rogue actions" where AI systems could be manipulated to perform unauthorized tasks, such as unlocking smart home devices or leaking private information, while explicitly excluding AI hallucinations and content-related issues like hate speech or copyright infringement, which should be reported via standard feedback channels. Top-tier bugs in flagship products can earn up to $20,000, with additional bonuses for particularly creative or insightful reports, whereas smaller payouts apply to other AI tools like NotebookLM and the experimental Jules assistant. The initiative is part of Google's broader commitment to AI safety and security, having already rewarded researchers over $430,000 since 2022 for uncovering AI risks. Alongside the bounty program, Google introduced CodeMender, an AI agent designed to automatically patch security vulnerabilities in code, which has already contributed to 72 verified fixes in open-source projects. This comprehensive approach aims to engage the cybersecurity community in making Google's AI products safer as their reliance on generative models grows.