Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI

Pierluigi Paganini
May 03, 2026

Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities.

Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how the company approaches cybersecurity. The update comes as artificial intelligence tools are reshaping the field of vulnerability discovery, transforming both the speed and nature of security research.

Over the past few years, generative AI systems have revolutionized bug hunting. Advanced tools, some still limited in availability, like Claude Mythos or GPT 5.4 Cyber, can automate large portions of code analysis and exploit development. Even widely available AI models have led to a surge in vulnerability submissions, though not all of them are useful or reproducible.

Google says these changes made it necessary to evolve its bounty programs, moving away from a focus on quantity toward quality and user impact.

“Over the past few years, AI and automation have accelerated the pace of vulnerability discovery, and our teams are moving at an unprecedented rate – remediating risks more effectively than ever before. The latest advancements in AI from Google and the broader industry have made it significantly easier to take a test case and explain the root cause, propose a suitable fix, and to find variants of known problems.” reads the announcement. “And to keep pace with vulnerability discovery, we’ve been continuing to implement structural improvements in our products to make it increasingly difficult to achieve full chain exploits. “

The new goal is to incentivize actionable reports, vulnerability submissions that include concrete proof, feasible exploit demonstrations, and…

Source

Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI