- By Shivangi Sharma
- Wed, 08 Oct 2025 10:00 PM (IST)
- Source: JND
Google has unveiled a new initiative that could make cybersecurity researchers and ethical hackers a lot richer. The tech giant is offering rewards of up to USD 30,000 (Rs 26.6 lakh) to individuals who successfully identify and report serious vulnerabilities in its artificial intelligence systems. The program, officially called the AI Vulnerability Reward Program (AI VRP), aims to strengthen the security of Google’s AI-integrated products. Eligible services include Google’s flagship platforms such as Gemini, Search, Gmail, and Drive. Researchers can submit their findings through Google’s Bug Hunters platform.
The base reward for a valid report is USD 20,000 (Rs 17.75 lakh), with an additional USD 10,000 (Rs 8.9 lakh) for discoveries considered highly innovative or impactful. Notably, not all AI issues will qualify. For example, tricking Gemini into producing offensive content or hallucinating responses does not count. Such problems should be reported via in-product feedback tools, not the bug bounty system.
What Counts As A Valid Bug?
Unlike traditional software glitches, AI vulnerabilities often involve manipulations of how an AI system interprets commands. Google refers to these as “rogue actions.” For instance, a malicious actor could potentially trick an AI into summarizing private emails and forwarding them to another account, or exploit a prompt to unlock a smart home device.
Google has outlined several categories of eligible vulnerabilities:
- Rogue Actions: Unauthorised changes to user accounts or device controls.
- Sensitive Data Exfiltration: Leaks of personal or confidential information such as addresses or financial records.
- Phishing Enablement: Exploits that help attackers trick users into sharing sensitive data.
- Model Theft: Attempts to extract proprietary model parameters or architecture.
Other valid reports include context manipulation, access control bypasses, cross-user denial of service, and unauthorized product usage.
Payout Structure
Rewards vary based on the severity of the bug and the product affected:
- Flagship products (Gemini, Gmail, Search, Drive): up to USD 20,000
- Standard products (AI Studio, Jules, NotebookLM): up to USD 15,000
- Other products: up to USD 10,000
- Low-tier issues such as denial-of-service attacks: as little as USD 500
Google’s Security Push
Alongside this program, Google has also launched CodeMender, an AI agent designed to automatically detect and fix code vulnerabilities. Already, CodeMender has helped patch 72 flaws in open-source projects after verification by human experts.
The new AI VRP builds on Google’s earlier experiments with bug bounty initiatives. The company revealed that it has already paid USD 430,000 to AI researchers over the past two years. In 2023 alone, Google distributed nearly USD 12 million in security rewards across its broader Vulnerability Reward Program.