Google's 2025 Vulnerability Reward Program Payouts Reach Record $17.1 Million

First reported

12.03.2026 17:22

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Google paid $17.1 million to 747 security researchers in 2025 through its Vulnerability Reward Program (VRP), marking the highest payout in the program's history. The total payouts since 2010 have surpassed $81.6 million. The program expanded in 2025 with new initiatives, including the AI Vulnerability Rewards Program and rewards for OSV-SCALIBR, an open-source tool for finding security flaws in software dependencies. The highest reward in 2025 was $250,000, while the highest reward in 2024 was $100,115 for a MiraclePtr Bypass.

Timeline

12.03.2026 17:22 1 articles · 5h ago

Google's 2025 Vulnerability Reward Program Payouts Reach Record $17.1 Million
Google paid $17.1 million to 747 security researchers in 2025 through its Vulnerability Reward Program (VRP), marking the highest payout in the program's history. The total payouts since 2010 have surpassed $81.6 million. The program expanded in 2025 with new initiatives, including the AI Vulnerability Rewards Program and rewards for OSV-SCALIBR, an open-source tool for finding security flaws in software dependencies. The highest reward in 2025 was $250,000, while the highest reward in 2024 was $100,115 for a MiraclePtr Bypass.
Show sources

Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
Open in new tab

Information Snippets

Google paid $17.1 million to 747 security researchers in 2025 through its Vulnerability Reward Program (VRP).
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
The total payouts since 2010 have surpassed $81.6 million.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
The highest reward in 2025 was $250,000.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
The highest reward in 2024 was $100,115 for a MiraclePtr Bypass.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
Google launched an AI Vulnerability Rewards Program and added new reward categories for AI bugs in Chrome VRP.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
Google introduced a rewards program for OSV-SCALIBR, an open-source tool for finding security flaws in software dependencies.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
The Android and Google Devices Security Reward Program paid over $2,900,000 in 2025.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
The Chrome security team awarded $3,716,750 to over 100 reporters in 2025.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22
143 researchers were rewarded $3,574,399 during the Cloud Vulnerability Reward Program's first full year of operation in 2025.
First reported: 12.03.2026 17:22

1 source, 1 article
Show sources
- Google paid $17.1 million for vulnerability reports in 2025 — www.bleepingcomputer.com — 12.03.2026 17:22