Google launches AI vulnerability reward program

07 Oct 2025: Google launched an AI Vulnerability Reward Program that pays researchers up to $20K (or $30K with bonuses) for exploits causing "rogue actions" in generative AI; it also unveiled CodeMender for patching.

Google has launched a dedicated AI Vulnerability Reward Program that pays researchers for finding security flaws that abuse large language models or generative AI systems. The program highlights “rogue actions” as the highest-priority category: for example, an indirect prompt injection that causes a Google Home to unlock a door, or a prompt injection that summarizes someone’s email and exfiltrates the summary to an attacker’s account. Google’s qualifying-bug rules give concrete examples of the kinds of account- or data-modifying exploits it wants reported.

Google says simply triggering hallucinations (e.g., Gemini producing bad content) isn’t what the bounty covers; content issues like hate speech or copyright infringement should be reported through in-product feedback so AI safety teams can address model-wide training. The company notes bug hunters have already earned more than $430,000 since it began inviting AI researchers two years ago.

The top reward is $20,000 for finding rogue actions on flagship products (Search, Gemini Apps, core Workspace apps like Gmail and Drive), with report-quality multipliers and a novelty bonus that can raise payouts to $30,000. Rewards are smaller for other Google products and for lower-tier abuses (such as stealing model parameters). Google also announced CodeMender, an AI agent for patching vulnerable code, which the company says has helped produce 72 security fixes after human vetting.
