Overview
- Top-tier payouts of up to $20,000 apply to findings in Search, Gemini apps, Gmail, and Drive, with bonuses lifting exceptional reports to $30,000.
- The program also covers NotebookLM and the experimental assistant Jules, offering lower but still meaningful rewards for qualifying issues.
- Google defines eligible AI flaws as “rogue actions” such as data exfiltration, unauthorized command execution, or manipulation of connected devices.
- Hallucinations and content-policy problems like hate speech or copyrighted output are excluded from the bounty and should be submitted through in-product feedback tools.
- Alongside the launch, Google announced CodeMender, an AI agent it says has helped patch more than 70 verified open-source vulnerabilities. The launch follows $430,000 that Google paid for AI-related reports over the past two years.