Full Report
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team

2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward program (VRP) has seen constant additions and expansions over the past decade and a half, clearly indicating the value the programs under this umbrella contribute to the safety and security of Google and its users, but also highlighting their acceptance by the external research community, without which such programs cannot function.

Coming back to 2025 specifically, our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer. This was more evident than ever as we awarded over $17 million (an all-time high and more than a 40% increase compared to 2024!) to over 700 researchers based in countries around the globe – across all of our programs.

## Vulnerability Reward Program 2025 in Numbers

Want to learn more about who's reporting to the VRP? Check out our Leaderboard on the Google Bug Hunters site.

## VRP Highlights in 2025

In 2025 we made a series of changes and improvements to our VRP and related initiatives, and continued to invest in the security research community through a series of focused events:

- The new, dedicated AI VRP was launched, underscoring the importance of this space to Google and its relevance for external researchers. Previously organized as a part of the Abuse VRP, the move into a dedicated VRP has gone hand in hand with improvements to the rules, offering researchers more clarity on scope and reward amounts.
- Similarly, the Chrome VRP now also includes reward categories for problems found in AI features.
- We launched a patch rewards program for OSV-SCALIBR, Google's open source tool for finding vulnerabilities in software dependencies. Contributors are rewarded for providing novel OSV-SCALIBR plugins for inventory, vulnerability, or secret detection that expand the tool's scanning capabilities. Besides strengthening the tool's capabilities for all users, user submissions have already helped us uncover and remediate a number of leaked secrets internally!
- As part of Google's Cybersecurity Awareness Month campaign in October, we hosted our very own security conference in Mexico City, ESCAL8. The conference included init.g(mexico), our cybersecurity workshop for students, HACKCELER8, Google's CTF finals, and a Safer with Google seminar, sharing technical thought leadership with Mexican government officials.
- bugSWAT, our special invite-only live hacking event, saw several editions in 2025 and delivered some outstanding findings across different areas:
  - We hosted our first dedicated AI bugSWAT (Tokyo) in April, which yielded a whopping 70+ reports filed and over $400,000 in rewards issued.
  - We continued the momentum in early summer with Cloud bugSWAT (Sunnyvale) in June, resulting in 130 reports, with $1,600,000 in rewards paid out.
  - Next in line was bugSWAT Las Vegas in August, leading to 77 reports and rewards of $380,000.
  - And finally, as part of ESCAL8 in Mexico City, bugSWAT Mexico focused on many different targets and spaces including AI, Android, and Cloud, and resulted in the filing of 107 reports, totalling $566,000 in rewards to date.

Looking for more details? See the extended version of this post on the Security Engineering blog for reports from individual VRPs such as Android, Abuse, AI, Cloud, Chrome, and OSS, including specifics concerning high-impact bug reports and focus areas of security research.

## What's coming in 2026

In 2026, we remain fully committed to fostering collaboration, innovation, and transparency with the security community by hosting several bugSWAT events throughout the year, and following up with the next edition of our cybersecurity conference, ESCAL8.

More broadly, our goal remains to stay ahead of emerging threats, adapt to evolving technologies, and continue to strengthen the security posture of Google's products and services – all of which is only possible in collaboration with the external community of researchers we are so lucky to work with! In this spirit, we'd like to extend a huge thank you to our bug hunter community for helping us make Google products and platforms safer and more secure for our users around the world – and invite researchers not yet engaged with the Vulnerability Reward Program to join us in our mission to keep Google safe (check out our programs for inspiration 🙂)!

Thank you to Tony Mendez, Dirk Göhmann, Alissa Scherchen, Krzysztof Kotowicz, Martin Straka, Michael Cote, Sam Erb, Jason Parsons, Alex Gough, and Mihai Maruseac.

Tip: Want to be informed of new developments and events around our Vulnerability Reward Program? Follow the Google VRP channel on X to stay in the loop, and be sure to check out the Security Engineering blog, which covers topics ranging from VRP updates to security practices and vulnerability descriptions!
Analysis Summary
# Industry News: Google’s VRP Reaches 15-Year Milestone with Record $17M Payout
## Summary
Google marked the 15th anniversary of its Vulnerability Reward Program (VRP) in 2025 by awarding a record $17 million to over 700 researchers worldwide. The year was defined by a strategic pivot toward AI security, including the launch of a dedicated AI VRP, plus a new patch rewards program for OSV-SCALIBR, its open-source tool for finding vulnerabilities in software dependencies.
## Key Details
- **Date:** March 31, 2026 (reporting on calendar year 2025)
- **Companies Involved:** Google (Alphabet Inc.)
- **Category:** Strategy Update / Cyber Investment & Security Program Results
## The Story
In 2025, Google’s Vulnerability Reward Program (VRP) reached a decade and a half of operation, demonstrating the maturation of the "crowdsourced security" model. Payouts rose by more than 40% year over year, to over $17 million.
The most significant strategic development was the formalization of **AI security** as a standalone pillar. Google moved AI vulnerabilities out of its "Abuse VRP" into a dedicated **AI VRP**, with rules the post says give researchers more clarity on scope and reward amounts for findings in AI features. This coincided with the first dedicated AI bugSWAT in Tokyo, which yielded over $400,000 in rewards from 70+ reports.
Furthermore, Google expanded its reach into the software supply chain by launching a patch rewards program for **OSV-SCALIBR**, its open-source tool for finding vulnerabilities in software dependencies. By rewarding new plugins for inventory, vulnerability, or secret detection, Google is effectively crowdsourcing the improvement of security infrastructure it also uses internally; the post notes that contributed plugins have already surfaced leaked secrets inside Google.
## Business Impact
### For the Companies Involved (Google)
- **Risk Mitigation:** The $17M paid to researchers buys findings before attackers use them; the post does not quantify the losses avoided, but fixing bugs reported under a VRP is far cheaper than responding to exploitation of the same bugs.
- **R&D Efficiency:** The OSV-SCALIBR initiative allows Google to crowdsource the development of its security tools, accelerating product maturity through external contributions.
### For Competitors
- **Benchmark Inflation:** Google’s 40%+ increase in payouts raises the "market rate" for high-end vulnerabilities, putting pressure on competitors such as Microsoft, Amazon, and Meta to raise their rewards if they want to retain top-tier researcher attention.
- **Talent War:** By combining invite-only live hacking events (bugSWAT in Tokyo, Sunnyvale, Las Vegas, and Mexico City) with an open conference (ESCAL8) and student workshops, Google is building loyalty across the global researcher community, not only among the elite.
### For Customers
- **Increased Product Trust:** Higher visibility into AI-specific security testing provides much-needed assurance for enterprise clients integrating Google’s AI tools into their workflows.
- **Supply Chain Safety:** Improvements to open-source tools like OSV-SCALIBR benefit the wider ecosystem, making the software dependencies that modern businesses rely on more resilient.
### For the Market
- **AI Security Standardization:** Google’s move to create a dedicated AI VRP sets a precedent for how AI risks should be categorized and valued in the bug bounty market.
## Technical Implications
The shift toward AI-specific rewards reflects an attack surface that differs from classic web and memory-safety bugs; the post does not enumerate the AI bug classes in scope, but the category generally covers issues such as prompt injection, training data poisoning, and model extraction. Google’s inclusion of AI features within the Chrome VRP specifically signals that AI security is no longer a "backend only" concern but a client-side vulnerability surface as well.
## Strategic Analysis
- **Market Positioning:** Google is positioning itself as the "Security First" AI leader. By being transparent about its vulnerabilities and payouts, it builds a narrative of maturity compared to newer AI startups.
- **Competitive Advantage:** The "bugSWAT" live hacking events (Cloud, AI, Android) concentrate invited researchers on specific targets for a short window; the per-event totals the post reports (for example 130 reports and $1.6M at Cloud bugSWAT) show how much such focused sessions produce.
- **Challenges:** As payouts scale past $17M annually, managing report volume and keeping the signal-to-noise ratio high remains a significant operational challenge.
## Industry Reactions
- **Analyst Opinions:** The post quotes no external analysts; the 40%+ payout increase is consistent with the attack surface of cloud and AI services growing faster than internal security teams can scale, but that is an inference, not a claim the post makes.
- **Market Response:** The post itself frames the dedicated AI VRP as giving researchers more clarity on scope and reward amounts than the previous arrangement under the Abuse VRP; it does not quote community reactions.
## Future Outlook
- **2026 Projections:** The post commits to several bugSWAT events through the year and another edition of the ESCAL8 conference; expect continued regional events alongside them.
- **Trend to Watch:** Watch for whether Google begins to offer even higher bounties specifically for "AI alignment" or "AI safety" risks that fall outside traditional technical vulnerabilities.
## For Security Professionals
Practitioners should note the increased emphasis on **dependency and secret scanning (OSV-SCALIBR)** and **AI red-teaming**. As Google formalizes these as core components of its security posture, enterprise security teams should consider following suit: integrate comparable scanning into CI and inventory pipelines, and update vulnerability disclosure policies so that AI features are explicitly in scope, with stated reward or severity criteria.
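The OSV-SCALIBR passage in the full report describes plugins for inventory, vulnerability, or secret detection, and the recommendation above is to integrate comparable scanning. The Go program below is an added example, not OSV-SCALIBR's code and not its plugin API: it sketches the shape of a secret-detection plugin (a cheap file pre-filter, pattern detectors, a low-entropy placeholder filter, and redacted findings) run over a constructed in-memory file tree. The detector names, the `fileRequired`/`scanFile`/`scanTree` functions, and the sample files are assumptions for illustration; the patterns follow the public prefix formats of the respective credential types, the GCP and GitHub values are made-up strings that merely fit those formats, and the AWS value is the placeholder AWS uses in its own documentation.

```go
package main

import (
	"fmt"
	"math"
	"path"
	"regexp"
	"sort"
	"strings"
)

// Finding is one detected secret. The value is stored redacted so the scan
// report itself cannot leak the credential.
type Finding struct {
	Detector string
	Path     string
	Line     int
	Redacted string
}

// detector pairs a name with the pattern for one credential family.
type detector struct {
	name    string
	pattern *regexp.Regexp
}

// Hypothetical detectors for this example. The patterns encode the public
// prefix formats of each key type; they are not OSV-SCALIBR's own rules.
var detectors = []detector{
	{"gcp-api-key", regexp.MustCompile(`AIza[0-9A-Za-z_-]{35}`)},
	{"aws-access-key-id", regexp.MustCompile(`\b(?:AKIA|ASIA)[0-9A-Z]{16}\b`)},
	{"github-pat", regexp.MustCompile(`\bghp_[A-Za-z0-9]{36}\b`)},
}

// fileRequired is the pre-filter a plugin runs before reading content:
// skip vendored dependencies, VCS internals and binary artifacts.
func fileRequired(p string) bool {
	if strings.Contains(p, "/node_modules/") || strings.Contains(p, "/.git/") {
		return false
	}
	switch path.Ext(p) {
	case ".png", ".jpg", ".zip", ".jar", ".so":
		return false
	}
	return true
}

// shannonEntropy returns bits per character. Real keys are random and score
// high; documentation placeholders such as "AIzaXXXX..." score low.
func shannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n, h := float64(len([]rune(s))), 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// redact keeps the first and last four characters so a finding can be matched
// to an entry in a secrets manager without reproducing the whole value.
func redact(s string) string {
	if len(s) <= 8 {
		return "********"
	}
	return s[:4] + strings.Repeat("*", len(s)-8) + s[len(s)-4:]
}

// scanFile runs every detector over each line and drops low-entropy matches,
// the main false-positive control for prefix-based patterns.
func scanFile(p, content string) []Finding {
	var out []Finding
	if !fileRequired(p) {
		return out
	}
	for i, line := range strings.Split(content, "\n") {
		for _, d := range detectors {
			for _, m := range d.pattern.FindAllString(line, -1) {
				if shannonEntropy(m) < 3.0 {
					continue
				}
				out = append(out, Finding{d.name, p, i + 1, redact(m)})
			}
		}
	}
	return out
}

// scanTree scans an in-memory tree and returns findings in a stable order
// (Go map iteration is randomized, so sort before reporting).
func scanTree(files map[string]string) []Finding {
	var all []Finding
	for p, content := range files {
		all = append(all, scanFile(p, content)...)
	}
	sort.Slice(all, func(i, j int) bool {
		if all[i].Path != all[j].Path {
			return all[i].Path < all[j].Path
		}
		return all[i].Line < all[j].Line
	})
	return all
}

// sampleTree is a constructed repository snapshot (see the lead-in for what
// each value is). The node_modules copy must be skipped by the pre-filter.
var sampleTree = map[string]string{
	"src/config.py":                    "API_KEY = \"AIzaSyB1x9Qm4vNz2Lp8Rt0Ws6Yu3Ij5Hk7GfQa\"\nDEBUG = True\n",
	"README.md":                        "Set API_KEY=AIzaXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX before running.\n",
	"deploy/.env":                      "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
	"scripts/ci.sh":                    "export GH_TOKEN=ghp_16C7e42F292c6912E7710c838347Ae178B4a\n",
	"vendor/node_modules/lib/index.js": "const t = \"ghp_16C7e42F292c6912E7710c838347Ae178B4a\";\n",
}

func main() {
	for _, f := range scanTree(sampleTree) {
		fmt.Printf("%-18s %s:%d %s\n", f.Detector, f.Path, f.Line, f.Redacted)
	}
}
```

Running it reports three findings (the `.env` AWS key, the `ci.sh` GitHub token, and the `config.py` GCP key) and suppresses the README placeholder and the vendored copy. Note the limits of the entropy heuristic: AWS's documented placeholder `AKIAIOSFODNN7EXAMPLE` still scores above the threshold, so a production detector also needs a list of known example values and, where the provider offers one, a live validity check before a finding is treated as a leaked credential.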