The VRP aims to enhance the security of Google products by encouraging researchers to report vulnerabilities, allowing ethical hackers to legally uncover flaws and earn significant rewards.

The 2024 reward structure included bounties of up to $151,515 for Google VRP and Cloud VRP, $300,000 for Mobile VRP, and $250,000 for critical Chrome vulnerabilities.

Google's reported total payouts may actually be around $71 million, as previous totals indicated $59 million between 2010 and 2023.

In 2023, Google awarded $10 million to 632 researchers for responsibly reporting security flaws, further emphasizing its commitment to security.

Over $3.3 million was also paid to researchers reporting security bugs through the Android and Google Devices Security Reward Program and the Google Mobile VRP.

Additional enhancements to the program included the launch of InternetCTF, two editions of bugSWAT for training, and the option for Bugcrowd as a payment method for researchers.

In 2025, Google will celebrate 15 years of its Vulnerability Reward Program (VRP), highlighting its ongoing commitment to collaboration and innovation in cybersecurity.

Dirk Göhmann, a technical writer at Google, confirmed the details of the bounty program in a blog post on March 7, 2025, reflecting the company's dedication to improving security through collaboration with ethical hackers.

In 2024, Google introduced AI bug bounties, generating over 150 reports and $55,000 in rewards, marking the first full year of this initiative.

During two bugSWAT events, Google distributed $370,000 in rewards, including over $87,000 for reports from a live-hacking event targeting large language model products.

The highest individual payout for 2024 reached $110,000, contributing to a total of $65 million paid out since the program's inception in 2010.

Despite an 8% decrease in overall vulnerabilities reported, there was a 2% increase in critical and high-severity vulnerabilities, suggesting that fewer researchers are finding more significant bugs.