Google overhauls Chrome and Android bug bounty programs in response to AI-driven vulnerability discovery, dropping Chrome base rewards to 00 while raising Android max payouts to .5 million.
Google has overhauled its Vulnerability Reward Programs for Chrome and Android in response to a surge in AI tools for vulnerability discovery. For Chrome, standard payout amounts have dropped significantly as the company shifts focus to actionable reports. The base reward for memory safety issues is now $500, with multipliers for reachability and exploitability, and some Chrome bug rewards are now 10 times smaller than before. Google is phasing out bonuses introduced last year for arbitrary read/write and RCE vulnerabilities following a surge in AI-driven submissions.
Google explained that while AI has made it effortless to produce lengthy write-ups, their internal tooling has also evolved to help automatically explain and suggest fixes. Moving forward, they prioritize concrete proof that a bug exists, with effective reports being concise containing only a reproducer and necessary artifacts. Notably, a full-chain Chrome exploit is still worth up to $250,000, with the same amount as a bonus for a MiraclePtr bypass.
For Android, the maximum payouts have increased considerably: from $1 million to $1.5 million for zero-click Pixel Titan M exploits with persistence, and from $500,000 to $750,000 without persistence. Secure element data exfiltration rewards rose from $250,000 to $375,000. Google is prioritizing flaw categories that are more difficult for AI tools to find and strongly incentivizing reports that include proposed patches.
These changes reflect the broader impact of advanced AI tools like Claude Mythos and GPT-5.4-Cyber on vulnerability discovery. The Internet Bug Bounty program recently paused accepting new reports due to an influx of AI-assisted submissions. Google expects to increase its total aggregate rewards for 2026 after paying a record $17.1 million in 2025.
Source: SecurityWeek — Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Ri
