Google is upping the ante in the pursuit of safer and more secure artificial intelligence by launching a dedicated AI Vulnerability Reward Program (VRP). The initiative offers security researchers and ethical hackers the chance to earn up to $30,000 for discovering and reporting vulnerabilities in Google's AI systems. It builds on Google's existing Abuse VRP, expanding that program's scope to cover AI-specific threats.
The AI VRP aims to simplify the reporting process and incentivize researchers to focus on high-impact abuse and security vulnerabilities within Google's AI products and services. Since 2023, when Google's bug bounties expanded to include AI-related issues, researchers have already earned over $430,000.
Scope and Rewards
The program covers a range of Google's AI offerings, categorized into three tiers:
- Flagship Products: This tier includes AI features within Google Search, Gemini Apps, and core Google Workspace applications like Gmail, Drive, Sheets, and Calendar. These products offer the highest rewards due to their widespread use and impact.
- Standard Products: This category encompasses AI features in AI Studio, Jules, and non-core Google Workspace applications.
- Other AI Integrations: This tier includes other AI integrations across Google's portfolio, with some exceptions.
The highest rewards are reserved for vulnerabilities found in core products. For instance, attacks leading to the modification of a victim's account or data in flagship products can earn researchers up to $20,000. Similar attacks in standard products can yield rewards of up to $15,000. Discoveries of sensitive data exfiltration can earn up to $15,000 in flagship and standard tiers, and up to $10,000 in the "other" category. Exceptional reports demonstrating significant impact, novelty, and product sensitivity may receive bonuses, potentially pushing the total reward to $30,000.
Google has outlined specific categories of vulnerabilities that qualify for rewards, including:
- Rogue Actions: These are attacks that can alter a victim's account or data with significant security consequences.
- Sensitive Data Exfiltration: Leaks involving personal or sensitive data.
- Phishing Enablement: Attacks that enable phishing through persistent, cross-user injection of HTML code on Google-branded sites without a "user-generated content" warning.
- Model Theft: Exfiltration of model parameters.
- Context Manipulation: Persistent manipulation of a victim's AI environment.
- Access Control Bypass: Unauthorized product usage.
- Cross-User Denial of Service: Attacks leading to persistent denial-of-service.
What's Out of Scope?
Certain types of issues are explicitly out of scope for the AI VRP, including prompt injections, alignment issues, and jailbreaks. Google encourages researchers to report content-related issues such as hate speech or copyright violations through in-product feedback tools instead. Google's position is that a Vulnerability Reward Program is not the right format for addressing content-related issues, and that every Google AI product already has in-product functionality for reporting them.
Why a Dedicated AI VRP?
Google acknowledges that the scope of AI-related bug reports was previously ambiguous, leaving researchers unsure about which issues qualified for rewards and where to report them. The standalone AI VRP addresses this by combining security vulnerabilities and abuse issues under a single reward structure, defining specific categories, and aligning rewards based on impact, novelty, and product sensitivity. A unified reward panel will review all submissions and grant the highest eligible payout.
Strengthening AI Security
The AI VRP is part of Google's broader effort to strengthen AI security as these systems become more embedded in its products. The company has also introduced CodeMender, an AI agent designed to automatically detect and fix security flaws in open-source software.
How to Participate
Researchers interested in participating in the AI VRP can find detailed information on the program's rules page. Google also offers the option to donate rewards to a chosen charity, and the company will double the donation. Any rewards unclaimed after 12 months will be donated to a charity of Google's choosing.