Security & Infrastructure Tools

Google paid $17.1 million for vulnerability reports in 2025

Google paid over $17 million in 2025 to 747 security researchers through its Vulnerability Reward Program, marking a record high and more than a 40% increase from the previous year. The company has awarded a total of $81.6 million since the program launched in 2010, with the largest single reward last year being $250,000. In 2025, Google introduced new bug bounty programs for AI systems, OSV‑SCALIBR, and expanded categories for Chrome and Android, earning over $2.9 million for Android, $3.7 million for Chrome, and $3.6 million for Cloud. The company emphasized its commitment to collaborating with external security researchers to strengthen Google’s products and services.

TechLogHub

March 12, 2026

Keep Reading

Security & Infrastructure ToolsJun 12, 2026

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States pleaded guilty to conspiracy to commit wire fraud in connection with the Conti ransomware operation, admitting to joining the group in September 2021 and possessing data stolen from eight U.S. victims and four overseas victims. He helped code a loader used in attacks and faces up to 20 years in prison. Conti, linked to TrickBot, targeted more than 1,000 victims and collected over $150 million in ransom before disbanding in 2022.

Security & Infrastructure ToolsJun 12, 2026

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More from the Blog

View all

Security & Infrastructure Tools

Microsoft Adds Copilot Data Controls to All Storage Locations

Microsoft is expanding its data‑loss prevention controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel and PowerPoint documents regardless of where they are stored—whether on local devices or in SharePoint/OneDrive. The update will be deployed through the Augmentation Loop (AugLoop) Office component between late March and late April 2026, automatically enabling the restriction for organizations that already have DLP policies set to block Copilot from handling sensitivity‑labeled content. This change follows a bug that had allowed Copilot to summarize confidential emails in users’ Sent Items and Drafts folders despite active DLP protections.

Feb 25, 2026

Security & Infrastructure Tools

Previously harmless Google API keys now expose Gemini AI data

Stay Updated

Get the next deep dive in your inbox

Subscribe for product analysis, engineering explainers, and practical guides published on TechLogHub.

Stay Updated

Get weekly insights, product updates, and launches straight to your inbox.

Google’s Vulnerability Reward Program (VRP) reached a historic milestone in 2025 by awarding more than $17 million to 747 security researchers worldwide. This figure marks an all‑time high and reflects a jump of over 40 % from the previous year, underscoring Google’s continued commitment to engaging with the external research community.

Since its inception in 2010, Google has accumulated over $81.6 million in bug bounties across multiple programs. The most lucrative reward that year was $250,000, highlighting the company’s willingness to invest heavily in finding and fixing vulnerabilities. “Our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer,” Google stated, emphasizing the collaborative nature of its security efforts.

In 2025, several key initiatives were launched or expanded:

AI Vulnerability Rewards Program – targeting AI systems, offering up to $30,000 for identified flaws.
Chrome VRP AI Bug Category – new reward categories added specifically for AI vulnerabilities within Chrome.
OSV‑SCALIBR Rewards Program – a dedicated program for the open‑source tool that scans software dependencies for security issues.

The distribution of rewards across Google’s products was notable: Android and Google Devices Security Reward Program paid over $2.9 million; Chrome’s security team awarded $3.716 750 to more than 100 reporters; and the Cloud Vulnerability Reward Program, in its first full year, rewarded $3.574 399 to 143 researchers.

A look back at 2024 shows a similar trend: Google paid another $12 million to 660 researchers who reported vulnerabilities throughout that year. The highest bug bounty of 2024 was $100,115 for a MiraclePtr Bypass, which saw the reward doubled to $250,128 after program adjustments.

Google’s overarching goal remains to stay ahead of emerging threats, adapt to evolving technologies, and strengthen the security posture of its products and services—all achievable only through collaboration with external researchers. The company extended heartfelt thanks to its bug hunter community and encouraged new participants to join the VRP in pursuit of a safer Google ecosystem for users worldwide.

Google paid $17.1 million for vulnerability reports in 2025

Related Posts

Ukrainian national pleads guilty to role in Conti ransomware operation

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More from the Blog

Microsoft Adds Copilot Data Controls to All Storage Locations

Previously harmless Google API keys now expose Gemini AI data

Get the next deep dive in your inbox

Stay Updated

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Microsoft says bug in classic Outlook hides the mouse pointer

Product

Learn

Company

Legal

Stay Updated

Browse by Category

What's New