Particle.news

Google Launches AI Bug Bounty With Rewards Up to $30,000

The program targets high-impact 'rogue actions' in flagship products, excluding routine model-output issues.

Overview

  • Google introduced a dedicated AI vulnerability reward program that pays up to $30,000 for qualifying security findings across Search, Gemini apps, and core Workspace tools like Gmail and Drive.
  • Eligible reports center on 'rogue actions' that manipulate devices, accounts, or data, with examples including unlocking a smart door via Google Home or exfiltrating email summaries to an attacker.
  • Top payouts of $20,000 apply to flagship products, with quality multipliers and novelty bonuses lifting totals to $30,000; lower tiers cover tools such as Jules and NotebookLM.
  • Problems tied to content generation, including hallucinations, hate speech, or copyright issues, do not qualify and should be submitted through in-product feedback channels.
  • Alongside the launch, Google unveiled CodeMender, an AI tool that has helped patch more than 70 open-source vulnerabilities after human review, and noted over $430,000 previously paid for AI-related reports.