Google paid $17.1 million for vulnerability reports in 2025

The company says it has awarded over $81.6 million in bug bounties since the first Vulnerability Reward Program went live in 2010, while the highest reward paid last year was of $250,000.

“Our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer,” Google said.

“This was more evident than ever as we awarded over $17 million (an all-time high and more than 40% increase compared to 2024!) to over 700 researchers based in countries around the globe – across all of our programs.”

Among last year’s highlights, Google launched an AI Vulnerability Rewards Program for security researchers targeting the company’s AI systems and added new reward categories to the Chrome VRP for AI bugs.