On Monday, Google launched a new reward program dedicated specifically to finding bugs in AI products. Google’s list of qualifying bugs includes examples of the kind of rogue actions it’s looking for, like indirectly injecting an AI prompt that causes Google Home to unlock a door, or a data exfiltration prompt injection that summarizes all of someone’s email and sends the summary to the attacker’s own account.

The new program clarifies what constitutes an AI bug, breaking them down as issues that use a large language model or a generative AI system to cause harm or take advantage of a security loophole, with rogue actions at the top of the list. This includes modifying someone’s account or data to impede their security or do something unwanted, like one flaw exposed previously that could open smart shutters and turn off the lights using a poisoned Google Calendar event.

Simply getting Gemini to hallucinate will not cut it. The company says that issues related to content produced by AI products — such as generating hate speech or copyright-infringing content — should be reported to the feedback channel within the product itself. According to Google, that way its AI safety teams can “diagnose the model’s behavior and implement the necessary long-term, model-wide safety training.”

Along with the new AI reward program, Google also announced on Monday an AI agent that patches vulnerable code called CodeMender. The company says it has used to patch “72 security fixes to open source projects” after vetting by a human researcher.

The $20,000 prize is awarded for rooting out rogue actions on Google’s “flagship” products Search, Gemini Apps, and core Workspace applications like Gmail and Drive. Multipliers for report quality and a novelty bonus are also available, which could bring the total amount up to $30,000. The price drops for bugs found on Google’s other products, like Jules or NotebookLM, and for lower-tier abuses, such as stealing secret model parameters.