Google distributed a record-breaking $17 million to 747 security researchers through its Vulnerability Reward Program in 2025. This significant investment highlights the company's commitment to collaborating with the global research community to identify and resolve software flaws across its diverse platforms.

Google reached a major milestone in its security efforts during 2025 by awarding more than $17 million to researchers worldwide. This figure represents an all-time high for the company and a substantial 40% increase over the payouts distributed in 2024. Since the inception of the first Vulnerability Reward Program in 2010, the tech giant has paid out a cumulative total of $81.6 million, with the single highest individual reward reaching $250,000 last year.

The company emphasized that the results from the past year underscore the immense value of engaging with external security experts to enhance the safety of its products. By incentivizing independent researchers to find and report vulnerabilities, Google can address potential threats before they are exploited. This collaborative approach has become a cornerstone of the company's defense strategy, fostering a global network of contributors who monitor systems for various types of security risks.

A major focus of the 2025 program involved the expansion of security initiatives into the realm of artificial intelligence. Google launched a specific AI Vulnerability Rewards Program and introduced new reward categories within the Chrome VRP specifically for AI-related bugs. Additionally, the company introduced a rewards program for OSV-SCALIBR, an open-source tool designed to detect security flaws within software dependencies, reflecting a growing concern for supply chain security.

Source: Google Paid $17.1 Million In 2025 For Vulnerability Reports Through Its Bug Bounty Program