Bug Bounties, Vulnerability Management

Google awards over $17 million to security researchers in 2025

Google sign is seen at Googleplex, the corporate headquarters complex of Google and its parent company, Alphabet, Inc., in Mountain View, California.

Google paid out more than $17 million to 747 security researchers who identified and reported bugs through its Vulnerability Reward Program (VRP) in 2025. This marks an all-time high for the company's bug bounty payouts, representing a more than 40% increase compared to the previous year. The highest single reward in 2025 reached $250,000, Bleeping Computer reports.

The company's VRP has awarded over $81.6 million in total since its inception in 2010. In 2025, Google expanded its efforts by launching a dedicated AI Vulnerability Rewards Program, offering up to $30,000 for flaws in its AI systems, and introduced new reward categories for AI-related bugs within the Chrome VRP. Additionally, a rewards program was established for OSV-SCALIBR, an open-source tool designed to detect security vulnerabilities in software dependencies.

Specific program payouts in 2025 included over $2.9 million for Android and Google Devices, $3.7 million for Chrome, and $3.5 million for the Cloud VRP.

Source: Bleeping Computer

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds