Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025.

The company says it has awarded over $81.6 million in bug bounties since the first Vulnerability Reward Program went live in 2010, while the highest reward paid last year was of $250,000.

“Our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer,” Google said.