Google is offering researchers up to $30,000 (Rs 26.6 lakh) to find and report security flaws in its AI systems. Launching a new AI Vulnerability Reward Program (AI VRP), the IT behemoth said the base reward is up to $20,000 (Rs 17.75 lakh), with an extra $10,000 (Rs 8.9 lakh) bonus for reports of exceptional quality or novelty. The program covers Google's core AI-integrated products, including Gemini, Google Search, Gmail, and Drive.
How To Report A Bug In Google
You can report bugs through Google's official Bug Hunters website. Google made it clear that simply getting an AI model to hallucinate or produce unwanted content does not qualify for a reward. "Simply put, we don't believe a Vulnerability Reward Program is the right format for addressing content-related issues," said Google security engineering managers Jason Parsons and Zak Bennett in a blog post.
What Counts As A Valid Bug
Google pointed out specific categories of in-scope vulnerabilities, ranked by severity:
- Rogue Actions: Attacks that alter a user's account or data security, such as indirect prompt injections that could cause Google Home to unlock a smart door.
- Sensitive Data Exfiltration: Leaks of personal or confidential data like emails, addresses, or financial details.
- Phishing Enablement: Security flaws that could allow attackers to trick users into providing sensitive information.
- Model Theft: Exfiltration of proprietary AI model parameters or architecture details.
Other reportable flaws include context manipulation, access control bypass, unauthorised product usage, and cross-user denial of service. Reports involving AI hallucinations, copyright infringement, or inappropriate content (such as hate speech) are excluded, as these issues are to be reported via the in-product feedback tools.
Rewards
- Flagship products (Search, Gemini, Gmail, Drive): up to $20,000 for top-tier bugs
- Standard products (AI Studio, Jules, NotebookLM): up to $15,000
- Other products: up to $10,000
- Lower-tier issues like denial-of-service attacks can earn as little as $500.
Google said it paid out $430,000 to AI researchers over the past two years under earlier experimental programs. Last year, the company distributed nearly $12 million across all security bug reports under its Vulnerability Reward Program.
Google also introduced an AI tool called CodeMender, which helps automatically patch vulnerable code.
Disclaimer: If your rights are infringed, please contact the webmaster and we will delete the infringing content in a timely manner. Thank you for your cooperation! |
