Google has launched a new AI Vulnerability Reward Program that pays security researchers up to $20,000 for discovering serious exploits in its Gemini AI systems. The program targets vulnerabilities that could allow attackers to manipulate Gemini into compromising user accounts or extracting sensitive information about the AI’s inner workings, moving beyond simple prompt injection tricks to focus on genuinely dangerous security flaws.
What you should know: The bounty program specifically rewards researchers who find high-impact AI vulnerabilities rather than harmless pranks or minor glitches.
- The most severe exploits affecting flagship products like Google Search and the Gemini app can earn researchers $20,000.
- Qualifying vulnerabilities must have serious consequences, such as tricking Gemini into compromising Google accounts or allowing attackers to extract information about how Gemini operates.
- Simple exploits that make Gemini “look silly” don’t qualify for rewards under this program.
Why this matters: As AI systems become more integrated into critical services, security vulnerabilities pose increasingly serious risks to users and platforms alike.
- Unlike viral but harmless exploits, such as hidden text in a resume that makes an AI response include a random recipe, the targeted vulnerabilities could enable real attacks.
- For example, a serious exploit might allow attackers to get Gemini to include phishing links in Search AI Mode responses, directly endangering users.
The big picture: Google’s proactive approach reflects the growing recognition that AI security requires dedicated attention from skilled researchers.
- The company is essentially racing to ensure that security experts working to protect users can compete with malicious actors seeking to exploit AI systems.
- This represents a shift from treating AI prompt manipulation as a novelty to recognizing it as a legitimate security discipline requiring professional-grade bug bounty programs.
How it works: The program follows Google’s established Vulnerability Reward Program structure but with AI-specific criteria and payouts.
- Researchers must demonstrate exploits that go far beyond getting AI to generate incorrect or inappropriate responses.
- The vulnerabilities must pose genuine risks to user security or account integrity, or reveal proprietary information about Gemini’s architecture and training.
Google's ready to pay up to $20,000 if you can break Gemini very, very badly