Google launches bug bounty program for AI products
In parallel with the bounty program, Google introduced DeepMind's CodeMender agent tool, which helps automatically find and fix vulnerable code.
Google has announced the launch of a vulnerability detection program for its products. As part of the program, Google has defined more clearly what will be considered an AI bug: a vulnerability that exploits large language models or generative systems to cause harm or bypass security.
As example cases, the company cited pop-ups that force a smart device to perform an unwanted action, or a vulnerability that extracts and forwards sensitive data.
The largest reward of up to $20,000 will be paid for critical “unauthorized actions” on flagship services, with the possibility of an additional bonus of up to $30,000 for a high-quality and innovative report.
In the two years since the open recruitment of researchers began, Google has already paid out more than $430,000. Now the company wants to encourage a focus on the use of artificial intelligence that leads to “harmful actions.”
At the same time, Google asks that issues related to unethical content (such as hate speech or copyright infringement) be submitted through standard feedback channels in products, rather than within the program.
Along with the bounty program, Google unveiled DeepMind's CodeMender agent tool, which helps automatically find and fix vulnerable code. Google says that after human review, the tool has already helped fix dozens of issues in open source software.
Over the last six months, 72 security fixes have already been made to open source projects thanks to CodeMender, and some of those projects contain up to 4.5 million lines of code.



