On Monday, Google unveiled a comprehensive new reward initiative focused specifically on identifying and mitigating vulnerabilities in artificial intelligence technologies. This program, functioning as an advanced bug bounty system, invites researchers and ethical hackers to discover flaws embedded within AI products and services across Google’s expansive ecosystem. The company has published a detailed catalog defining what qualifies as a reportable AI bug, deliberately illustrating the range and severity of threats it seeks to detect. These examples describe scenarios in which a malicious actor could manipulate systems through indirect prompt injections—such as inserting a crafted command that might compel a Google Home device to unlock a door—or orchestrate a data exfiltration prompt injection designed to harvest sensitive information, like directing an AI model to summarize the contents of a user’s email and automatically send that summary to an external attacker’s account.

Through this initiative, Google seeks to demystify and codify the concept of an “AI bug,” establishing that such defects arise when large language models or generative AI systems are exploited to cause harm or leverage hidden security vulnerabilities. The company places particular emphasis on rogue or unauthorized actions—malfunctions that result in the modification of user accounts, data, or connected devices without consent. These are not hypothetical concerns: one previously exposed flaw allowed hackers to manipulate smart home equipment using a compromised Google Calendar event, illustrating how subtle prompt interactions could translate into physical world consequences, such as opening smart shutters or turning off lights unexpectedly.

Over the past two years, since Google began formally inviting AI researchers into its security reward framework, independent experts have collectively earned more than $430,000 for uncovering potential abuses in AI-driven features. The company’s rigorous standards make clear that simply causing an AI model—like its flagship Gemini system—to hallucinate or generate incorrect information does not meet the threshold for a cash reward. Instead, the bounty program distinguishes between security-related vulnerabilities and general content anomalies. Issues tied to problematic AI-generated outputs, including hate speech or material that violates copyright protections, should instead be submitted through the product’s built-in feedback mechanism. This process allows Google’s AI safety specialists to analyze model behavior deeply and adjust long-term system training to ensure broader, systemic safety improvements across their models.

In tandem with the launch of this AI-specific reward program, Google also introduced a complementary software agent named CodeMender. This autonomous tool is designed to identify and patch code vulnerabilities efficiently, acting as an AI-powered assistant to human security researchers. According to Google, CodeMender has already contributed to the remediation of seventy-two distinct security flaws across open-source projects, each thoroughly reviewed by human experts before implementation. The integration of such an agent illustrates how the company envisions AI both as a source of potential risk and as a critical instrument for advancing cybersecurity defenses.

Financially, the rewards offered through this program are substantial. Researchers who successfully expose rogue actions within Google’s most prominent products—such as Search, Gemini Apps, and core Workspace tools like Gmail and Drive—can earn a base prize of $20,000. Additional multipliers come into play for high-quality reports that demonstrate exceptional clarity, novelty, or impact. When these bonuses are combined, the total reward can reach an impressive $30,000. The compensation tiers are scaled according to the product category and severity of the exploit: discoveries involving lower-risk or less central products, including tools like Jules or NotebookLM, as well as lesser abuses such as the theft of confidential AI model parameters, receive correspondingly smaller payouts. In structuring the bounty this way, Google reinforces its commitment to prioritizing the security of its foundational AI infrastructure while still encouraging researchers to safeguard its entire ecosystem. The result is a program that not only incentivizes innovation and responsible hacking but also strengthens public trust in the evolving relationship between artificial intelligence and cybersecurity.

Sourse: https://www.theverge.com/news/793362/google-ai-security-vulnerability-rewards