Google has restructured its Chrome and Android Vulnerability Reward Programs to prioritize high-impact, hard-to-discover flaws and to incentivize actionable reports that include proposed patches. Payouts increased for select Android/Pixel exploits while many Chrome base rewards and bonuses were reduced as Google shifts to concise proof-of-concept submissions in response to a surge of AI-driven vulnerability discovery from tools like Anthropic’s Claude Mythos and OpenAI’s GPT‑5.4‑Cyber. #Chrome #Android
Keypoints
- Google now prioritizes vulnerabilities with the highest user impact and those harder for AI to find.
- Android payouts increased significantly for top-tier Pixel Titan M exploits and secure element exfiltration.
- Chrome base rewards were lowered and last year’s bonuses phased out to focus on actionable, concise repros.
- Reports that include proposed patches and target Google-maintained Linux components will be strongly favored.
- The changes are a direct response to an influx of AI-generated vulnerability reports from tools like Claude Mythos and GPT‑5.4‑Cyber.