Google bug bounty payouts hit record $17 million in 2025 as AI flaws move into focus
Google paid out more than $17 million through its Vulnerability Reward Program in 2025, the highest annual total in the company’s history. The milestone came during the program’s 15th year and marked a jump of more than 40% from 2024, according to Google’s official year-in-review post published on March 31, 2026.
The company said more than 700 security researchers from around the world earned rewards last year. That number matters because it shows how heavily Google now depends on external researchers to find serious flaws before criminals or spyware operators do.
This was not just a bigger payout year. It was also a year when Google reshaped the program around newer threats, especially AI features, cloud infrastructure, and open-source supply chain risks. The result was a broader bug bounty effort with more targeted rules, more live hacking events, and more money attached to high-priority findings.
AI became a bigger part of Google’s bug bounty strategy
Google said it launched a dedicated AI VRP in 2025 after previously handling those reports under its Abuse VRP. The company said the change gave researchers clearer rules, better-defined scope, and more transparent reward amounts for AI-specific bugs.
That shift reflects a larger change inside Google’s security work. The company has already said AI systems need different reporting standards because traditional vulnerability categories do not fully cover issues such as prompt injection, data exposure, or unsafe model behavior in connected products.
Chrome also moved in the same direction. Google said the Chrome VRP now includes reward categories for issues found in AI features, and later clarified that serious security boundary breaches tied to Chrome’s agentic capabilities could earn up to $20,000.

bugSWAT events helped drive results
Google credited several invite-only bugSWAT events for a meaningful share of 2025’s output. These live hacking sessions focused researchers on specific targets, including AI, cloud, Android, and broader Google platforms.
The biggest 2025 event was Cloud bugSWAT in Sunnyvale in June. Google said it produced 130 reports and $1.6 million in rewards, making it the largest single event listed in the company’s review.
Google also highlighted an AI bugSWAT in Tokyo that generated more than 70 reports and over $400,000 in rewards. Las Vegas added 77 reports and $380,000, while bugSWAT Mexico City produced 107 reports worth $566,000 to date.
Google’s 2025 VRP numbers at a glance
| Category | Official detail |
|---|---|
| Total payouts | More than $17 million |
| Year-over-year growth | More than 40% higher than 2024 |
| Researchers rewarded | More than 700 |
| AI VRP | Dedicated program launched in 2025 |
| Sunnyvale Cloud bugSWAT | 130 reports, $1.6 million |
| Tokyo AI bugSWAT | 70+ reports, $400,000+ |
| Las Vegas bugSWAT | 77 reports, $380,000 |
| Mexico City bugSWAT | 107 reports, $566,000 to date |
Google also used 2025 to expand rewards beyond classic product flaws. The company launched a patch rewards program for OSV-SCALIBR, its open-source tool for finding vulnerabilities in software dependencies. Google said outside submissions have already helped uncover and fix leaked secrets internally.
That addition matters because it widens the definition of useful security research. Instead of paying only for discovered bugs, Google now also rewards work that improves the tools used to find those bugs at scale.
Google paired that technical push with a bigger community effort. It said its ESCAL8 security conference in Mexico City included student workshops, technical seminars, the HACKCELER8 finals, and sessions with Mexican government officials as part of a broader outreach strategy.
Why this matters
For Google, the record payout is a sign that crowdsourced security research remains cheaper than cleaning up major incidents later. Paying millions to researchers may sound expensive, but it looks modest next to the cost of a large cloud breach, a browser zero day, or an AI security failure that affects millions of users. This is an inference based on Google’s continued program expansion and the company’s repeated emphasis on prevention.
For researchers, the message is equally clear. Google wants more reports tied to AI, cloud products, Chrome security boundaries, and software supply chain tooling. These are no longer niche targets inside the program. They now sit near the center of it.
For the wider industry, Google’s latest numbers show where bug bounty programs are heading. Companies are not just paying for memory corruption bugs and account takeover flaws anymore. They are also paying for issues in model behavior, agentic systems, dependency scanning, and other attack paths that barely existed in mainstream bounty programs a few years ago.
Key takeaways
- Google paid out more than $17 million in 2025, its highest annual total ever.
- The company rewarded more than 700 researchers worldwide.
- Google launched a dedicated AI Vulnerability Reward Program with clearer rules and scope.
- bugSWAT events in Sunnyvale, Tokyo, Las Vegas, and Mexico City drove a large chunk of the year’s activity.
- Google also expanded rewards to OSV-SCALIBR contributions tied to dependency and secret detection.
FAQ
Google said it paid more than $17 million through its VRP programs in 2025. That was an all-time high for the company.
Google said more than 700 researchers received rewards in 2025.
Yes. Google said it launched a dedicated AI VRP in 2025 after previously handling those reports under the Abuse VRP.
Based on Google’s own figures, the Sunnyvale Cloud bugSWAT was the largest listed event, with 130 reports and $1.6 million in rewards.