Google Bug Bounty Payouts Reach Record $17 Million in 2025

Google has reported a landmark year for its Vulnerability Reward Program (VRP), awarding more than $17 million to ethical hackers in 2025, the highest payout in the program’s history.

The milestone represents a 40% increase compared to 2024 and coincides with the 15th anniversary of Google’s long-running bug bounty initiative.

The record-breaking payouts highlight the growing importance of crowdsourced security as cyber threats become more sophisticated.

In total, over 700 security researchers worldwide received rewards for responsibly disclosing vulnerabilities across Google’s ecosystem, helping the company proactively mitigate risks before they could be exploited in the wild.

A key development in 2025 was Google’s strategic shift toward securing artificial intelligence systems.

Recognizing the rapid adoption and evolving threat landscape surrounding AI technologies, the company introduced a dedicated AI Vulnerability Reward Program.

This new initiative provides clearer testing guidelines and defined reward structures specifically for AI-related findings, which were previously handled under the broader Abuse VRP.

The expansion reflects increasing concerns around AI misuse, model manipulation, and prompt injection attacks.

Google also extended its Chrome VRP to include vulnerabilities tied to AI-powered features, such as Gemini integrations, signaling a deeper focus on securing AI-driven user experiences.

Beyond AI, Google continued to strengthen its investment in open-source security and collaborative research.

The company launched a patch reward program for OSV-SCALIBR, an open-source tool designed to detect vulnerabilities in software dependencies.

Security researchers contributing innovative scanning plugins were eligible for rewards, with external contributions already helping Google identify and remediate internal security issues, including leaked secrets.

Live hacking events remained a cornerstone of Google’s community engagement strategy.

Through its invite-only bugSWAT program, the company brought together top researchers to identify high-impact vulnerabilities in real-world environments.

These events not only accelerated vulnerability discovery but also fostered collaboration between Google engineers and the global security community.

Several bugSWAT events stood out in 2025:

• Tokyo AI bugSWAT (April): Generated over 70 vulnerability reports, resulting in more than $400,000 in payouts.
• Sunnyvale Cloud bugSWAT (June): Produced 130 reports, with rewards totaling $1.6 million.
• Las Vegas bugSWAT (August): Delivered 77 reports and $380,000 in payouts.
• Mexico City bugSWAT: Focused on AI, Android, and Cloud, yielding 107 reports and $566,000 in rewards.

These events demonstrate the effectiveness of live, collaborative testing in uncovering complex vulnerabilities across diverse attack surfaces.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Google Bug Bounty Payouts Reach Record $17 Million in 2025 appeared first on Cyber Security News.