By Kavita Mistry 
Google has announced a new bug bounty program that is completely focused on the AI, inviting security researchers and ethical hackers to find flaws in its AI systems.
Depending on what bug and how serious its impact is, Google is offering rewards that go as high as $30,000.
Under this new initiative, Google is expanding the long-running Vulnerability Reward Program but changes the focus to the growing world of AI, where security threats look very different from traditional bugs. The company says it wants experts to help identify “rogue actions,” those moments when AI behaves in unexpected or dangerous ways, like leaking personal data, executing wrong commands, or letting attackers manipulate connected devices.
What counts as an AI bug?
A clear idea has been given by Google to the researchers when it comes to the kind of vulnerabilities. Imagine an attacker tricking Google Home into unlocking a smart door or using a hidden command that makes Gmail summarise someone’s emails and send them to a third party. These are the sort of high-risk exploits Google wants to uncover before they can be used in the real world.
However, the company has clarified that making Gemini—or any AI model—hallucinate does not qualify as a bug. Issues related to AI-generated content, such as hate speech or copyright violations, should be reported directly through the product’s feedback tools. According to Google, this allows its AI safety teams to retrain and improve models more effectively.
Earning Potential
The biggest rewards — up to $20,000 — are reserved for vulnerabilities found in Google’s key products like Search, Gemini apps, Gmail, and Drive. If a report stands out for its quality or originality, bonuses can push the pay-out up to $30,000. Lower but still meaningful rewards will be given for flaws discovered in other tools like NotebookLM or the experimental AI assistant Jules.
According to the tech giant, this move is focused on company’s wider effort to strengthen AI security as these systems become deeply integrated into its products.
In fact, the company says researchers have already earned more than $430,000 in the past two years by exposing AI-related risks, even before this official program was launched.
Google launches CodeMender tool: AI fixing AI
Alongside the new reward program, Google also introduced a tool called CodeMender. It’s an AI agent designed to automatically detect and fix security vulnerabilities in open-source software. So far, CodeMender has helped patch over 70 verified issues after being checked by human reviewers. The company says tools like this show how AI can also play a positive role in making technology more secure.
Summary
Google has launched an AI-focused bug bounty program, offering rewards up to $30,000 for finding flaws in its AI systems. The initiative targets issues like AI leaks or incorrect commands. Vulnerabilities in key products like Gmail and Drive can earn up to $20,000, with additional bonuses. Google also introduced CodeMender, an AI tool to fix open-source security vulnerabilities.