**Google** is significantly updating its Android and Chrome vulnerability rewards programs (VRPs), offering substantial bounties for the most difficult exploits while recalibrating payouts for flaws that artificial intelligence (AI) can now more easily identify. ### Rewarding Complexity The top reward of $1.5 million is reserved for zero-click **Pixel** Titan M2 security chip full-chain exploits with persistence. This represents the most technically demanding attack scenario in the program. The same exploits, but without persistence, are eligible for up to $750,000. For **Google Chrome**, full-chain browser process exploits on up-to-date operating systems and hardware now carry rewards of up to $250,000, with an additional $250,128 bonus for successfully exploiting MiraclePtr-protected memory allocations. "We know that certain particularly impactful exploits remain incredibly difficult to achieve and we've greatly appreciated collaborating with the researcher community to discover and unearth them," **Google** stated in a blog post. "We want to build on this partnership by continuing to emphasize the highest tiers of rewards across both Android and Chrome." ### Adapting to AI in Bug Hunting **Google** is adapting its approach to vulnerability reports in light of AI's increasing capabilities. For the Chrome program, the focus is shifting to concise reports containing only bug proofs and essential artifacts, rather than lengthy written analyses that AI can now generate automatically. The Android program will narrow its focus to Linux kernel vulnerabilities in **Google**-maintained components, unless researchers can demonstrate concrete exploitability on Android devices. "While AI has made it effortless to produce lengthy, detailed write-ups, our internal tooling has also evolved to help us automatically explain and suggest fixes for bugs," the company added. ### Record Year for Bug Bounties This VRP restructuring follows a record year for **Google**'s bug bounty efforts. The company paid $17.1 million to 747 researchers in 2025, a more than 40 percent increase from 2024 and an all-time high. Since the program launched in 2010, total payouts have exceeded $81.6 million. **Google** anticipates that the total aggregate rewards paid in 2026 will increase despite reductions in some individual reward amounts.