Google launches AI bug bounties - earn up to $30,000 if you can hack Gemini

News
By published

Google launches a new AI bug bounties

An image of a CPU with a bug image superimposed on it.
(Image credit: Shutterstock)
  • Google expands its VRPs with a new AI-focused program
  • Payouts could reach up to $30,000 for outstanding reports
  • Content-based issues like hallucinations aren’t covered by the VRP

Google has announced a new AI Vulnerability Reward Program (VRP) for researchers focused on finding security issues and bugs in its AI tools.

The news comes around two years after Google extended its Abuse VRP, which Security Engineering Managers Jason Parsons and Zak Bennett described as “a huge success for Google’s collaboration with AI researchers.”

Since creating the program, Google has awarded bug hunters over $430,000 in rewards for AI products alone, highlighting the size of the opportunity that lays ahead and the importance of stamping out bugs in an increasingly connected and AI-powered world.

Google AI VRP

Parsons and Bennett admitted “the scope of AI rewards wasn’t always clear” and that “there was confusion regarding how [Google] handle[s] AI-related abuse issues,” hence the update.

The AI VRP consists of eight separate categories: S1 and S2, and A1 through A6. The most serious, S1, is described as “attacks that modify the state of the victim’s account or data with a clear security impact.” Other vulnerabilities include data exfiltration, denial of service and prompt injections.

Bug hunters can earn up to $20,000 with the AI VRP, with bonuses for report quality and novelty potentially raising payments up to $30,000. Flagship products offer the highest rewards, and include Google Search, Gemini Apps and Google Workspace.

Products like AI Studio, Jules and non-core Google Workspace applications fall into a lower tier.

The Security Engineering Managers also used the post to highlight the distinction between security/abuse bugs and content-related issues (like hallucinations and copyright issues), with the latter not being covered by the VRP.

“Please, continue to report content-based issues, including jailbreaks and alignment issues – but please report via in-product feedback, and not through the VRP,” Google notes.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

You might also like

TOPICS
Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.