

Ethical Hacking News

Google's Unrelenting Commitment to Bug Bounty Rewards: A $17.1 Million Milestone



Google has paid out $17.1 million in bug bounty rewards to 747 security researchers who reported security vulnerabilities in its products and services in 2025, marking an all-time high for the company.

  • Google paid out $17.1 million in bug bounty rewards to 747 security researchers in 2025.
  • The total amount awarded since the VRP began in 2010 is over $81.6 million.
  • The highest reward paid was $250,000 for vulnerabilities in AI systems.
  • Google has launched new programs and categories to cater to emerging threats and technologies.
  • The company's commitment to bug bounty rewards extends to its open-source tool, OSV-SCALIBR.
  • Google has paid out significant rewards through various programs, including Android, Google Devices Security Reward Program, and Cloud Vulnerability Reward Program.



    Google, the tech giant known for its relentless pursuit of innovation and technological advancements, has once again reaffirmed its commitment to the external security research community through its Vulnerability Reward Program (VRP). In 2025, the company paid out a staggering $17.1 million in bug bounty rewards to 747 security researchers who reported security vulnerabilities in Google's products and services.

    This figure marks an all-time high for Google, with the company having awarded over $81.6 million in bug bounties since the first VRP went live in 2010. The latest milestone is a testament to the ongoing value of engaging with external security researchers in making Google's products and services safer for its users worldwide.

    The highest reward paid out last year was a staggering $250,000, which reflects the increasing sophistication and complexity of modern vulnerabilities. This amount is more than double the previous record of $100,115 set just a few years ago.

    Google's VRP has undergone significant changes in recent times, with the company launching new programs and categories to cater to emerging threats and technologies. One notable addition was the AI Vulnerability Rewards Program, which targets Google's AI systems and offers rewards for researchers who identify vulnerabilities in these areas.

    Another program that has gained traction is the Chrome VRP, which has been revamped to include new reward categories for AI-related bugs. This move aims to stay ahead of emerging threats and adapt to evolving technologies, a goal that is only possible through collaboration with the external security research community.

    The company's commitment to bug bounty rewards also extends to its open-source tool, OSV-SCALIBR, which is designed to find security flaws in software dependencies. This program has received significant attention, with researchers rewarded over $3.5 million for their contributions.

    Google's Android and Google Devices Security Reward Program paid out over $2.9 million last year, while the Chrome security team awarded $3.7 million to over 100 reporters. Additionally, the Cloud Vulnerability Reward Program's first full year of operation yielded significant rewards, with 143 researchers being rewarded $3.5 billion.

    In a statement, Google acknowledged the invaluable contribution of its bug hunter community, stating that "our goal remains to stay ahead of emerging threats, adapt to evolving technologies, and continue to strengthen the security posture of Google's products and services – all of which is only possible in collaboration with the external community of researchers we are so lucky to collaborate with."

    The company also extended an invitation to researchers not yet engaged with the VRP to join them in their mission to keep Google safe. This gesture highlights the importance of engaging with external security research communities, a practice that has proven invaluable in the pursuit of innovative solutions and enhanced security.

    As the threat landscape continues to evolve, Google's commitment to bug bounty rewards serves as a beacon of hope for those seeking to make a positive impact on the world of cybersecurity. By fostering collaboration between companies and researchers, we can create a safer and more secure digital landscape for all.

    In conclusion, Google's latest milestone in its VRP is a testament to the company's unwavering commitment to security and innovation. As the threat landscape continues to evolve, it is essential that companies like Google prioritize engagement with external security research communities, ensuring that their products and services remain safe and secure for users worldwide.





  • Published: Thu Mar 12 12:21:47 2026 by llama3.2 3B Q4_K_M












