Google Sets $1.5M Bounty for Android Exploits, Slashing Chrome Rewards as AI Commoditizes Bug Hunting

Google has overhauled its Vulnerability Reward Programs, offering up to $1.5 million for sophisticated Pixel exploits while reducing payouts for memory safety…

On May 5, 2026, Google updated its Vulnerability Reward Programs (VRP) for Android and Chrome, pushing the maximum reward for a zero-click full-chain exploit with persistence against Pixel's Titan M and Titan M2 chips to over $1.5 million. Simultaneously, the company reduced base rewards for memory safety vulnerabilities in Chrome to approximately $500, citing the increasing ease of identifying such bugs using artificial intelligence tools. This move is more than a simple financial adjustment; Google is effectively drawing a line between elite human research and bug classes that AI tooling has turned into a commodity, with immediate implications for how researchers will draft and value bug reports in the coming months.

Key Takeaways
  • The maximum reward for a zero-click full-chain exploit with persistence on Pixel's Titan M and Titan M2 chips has risen to over $1.5 million, while the same chain without persistence is valued at up to approximately $750,000.
  • Base rewards for memory safety vulnerabilities in Chrome have been reduced to nearly $500, supplemented by multipliers for reachability and exploitability; bonuses for renderer RCE and arbitrary read/write have been eliminated.
  • Google now requires concise reports consisting primarily of proof-of-concept (PoC) code and essential artifacts, disincentivizing the lengthy textual analyses that can now be generated automatically by AI.
  • For Android, the Linux kernel scope is now restricted to components maintained directly by Google, unless concrete exploitability on devices is proven; researchers submitting patches alongside bugs will receive additional incentives.

The Titan M Ceiling: Pixel Exploits Reach $1.5 Million

Under the updated Android program, the highest payouts are reserved for zero-click full-chain exploits that achieve persistence on the Titan M and Titan M2 security chips found in Pixel devices. This specific reward tier can now reach over $1.5 million, whereas a similar chain lacking persistence is capped at approximately $750,000. Google clarified that high-impact exploits remain exceptionally difficult to execute, and these increases are designed to reward that specific level of elite research. The $1.5 million figure is notable, representing nearly triple the historical offers for similar categories and signaling a clear shift in the security team's priorities.

The decision to concentrate such significant capital on this scenario reflects a concrete risk assessment: an attack that persists on a Pixel’s secure element compromises the device's root of trust, rendering standard software countermeasures ineffective. Consequently, rewards for data exfiltration from the secure element have also hit a new high of approximately $375,000, up from roughly $250,000. The strategy is unmistakable: the budget is shifting away from isolated bug reports toward full device compromises on up-to-date hardware, where technical complexity demands mastery of hardware, firmware, and kernel security within a single chain.

The AI Shift: Chrome Rewards Slump for Commoditized Bugs

The reallocation within the Chrome program is equally stark. Base rewards for memory safety vulnerabilities have dropped to nearly $500, though multipliers remain tied to reachability and exploitability. Notably, Google has eliminated the additional bonuses for renderer RCE and arbitrary read/write that were only introduced a year prior. The reasoning is explicit: automated analysis and AI-driven tools have made these bug classes far more accessible, transforming them from specialized research into high-volume commodities.

However, not all Chrome research has lost its value. A full-chain browser process exploit on updated systems can still command up to $250,000, with an additional bonus of approximately $250,128 for researchers who successfully bypass MiraclePtr protections. The takeaway is that the program now prioritizes technical difficulty and complete attack architecture over isolated memory leaks or crashes. For browser researchers, the message is clear: reporting a standalone vulnerability will yield diminishing returns, while demonstrating a functional chain on recent builds maintains a significant payout.

Overall figures for 2025 show that Google has distributed over $81.6 million since the program's inception, with 747 researchers paid in a single year. These numbers suggest that Google isn't closing the taps, but rather refining its portfolio to protect users from high-level risks rather than rewarding volume.

PoCs Over Prose: Google’s New Reporting Standards

The overhaul also impacts the format of researcher collaboration. Google has stated it now prefers concise reports containing only proof-of-concept code and the essential artifacts required for reproduction and bug routing. Long textual analyses—once a staple of high-quality submissions—are now viewed as less relevant, as they are easily generated by large language models. Furthermore, Google highlighted that its internal tools are rapidly evolving to automatically explain and suggest fixes, reducing the value added by extended narratives.

"Moving forward, we are shifting our program's focus to prioritize concrete proof that a bug exists. We now consider the most effective reports to be concise, containing only a reproducer and the necessary artifacts to help us validate and route the issue."

Regarding the Android program, the scope is tightening: Linux kernel vulnerabilities will only be considered if they reside in components directly maintained by Google, unless the researcher can provide concrete proof of exploitability on Android devices. To streamline mitigation, Google is offering extra incentives for submissions that include proposed patches. The direction is technical and data-driven: fewer words, more code, and a direct path to a fix.

Researcher Roadmap: Navigating the New VRP Landscape

  • Target full chains on secure hardware. The highest rewards are concentrated on zero-click full-chain exploits with persistence against Pixel’s Titan M chips and full-chain Chrome browser process exploits that bypass MiraclePtr. Researchers should pivot toward skill sets covering hardware, firmware, and sandboxing rather than hunting for isolated bugs.
  • Prioritize code over commentary. Reports must become leaner: a functional reproducer and the minimum artifacts required to validate a vulnerability are now more valuable than technical dissertations. Avoid long narratives that AI tools can generate in seconds.
  • Submit patches where possible. Particularly within the Android program, Google has introduced extra incentives for submissions that include a fix. Preparing a patch alongside a PoC increases the payout and accelerates the mitigation process.
  • Review internal bounty policies. Organizations managing their own VRPs should anticipate this trend: prioritize proof-of-concept and proof-of-exploitability over textual descriptions, and prepare to recalibrate rewards based on real-world impact and technical difficulty in an AI-assisted environment.

This VRP update marks a turning point: for the first time, a major tech firm has explicitly linked its reward scales to a bug's resistance to automated tools. If the Google model becomes the industry standard, vulnerability research will increasingly split into low-margin commodity bug hunting and elite research on secure hardware, with a widening economic gap that will reshape careers and training investments for years to come.

Frequently Asked Questions

Why did Google reduce Chrome rewards if the number of paid researchers grew?
Reports indicate that in 2025, Google paid approximately 747 researchers, a nearly 40% increase over 2024. The reduction in rewards for bug classes now easily identified by AI is intended to redirect the budget toward high-impact discoveries rather than cutting the total payout volume.
What makes a "zero-click full-chain exploit with persistence" on Titan M so difficult?
According to Google's statements, certain high-impact exploits remain incredibly difficult to achieve. Such a chain requires compromising multiple layers of defense without user interaction while maintaining persistence on a secure chip—a level of complexity that automated tools cannot yet replicate.
How will Google verify if a report was generated by AI?
The specific methodology is not public. Sources indicate Google’s policy is qualitative and does not define automated technical criteria for detecting AI-driven submissions. The requirement for concise reports and concrete PoCs acts as an indirect filter, but operational details remain undisclosed.