Google takes your security seriously. Indeed, across 2025 alone, it paid external security researchers, or hackers if you prefer, a total of $17 million to find and responsibly disclose security vulnerabilities across its products. Now, Google has announced that it will pay a staggering $1.5 million to anyone who can create a single exploit targeting the Pixel smartphone.

“We know that certain particularly impactful exploits remain incredibly difficult to achieve,” Shailesh Saini, director for Android, Alex Gough, a Google information security engineer and Tony Mendez, a technical program manager said in a joint announcement, “and we’ve greatly appreciated collaborating with the researcher community to discover and unearth them.” It is one such exploit that sits front and center of the revamped Android Vulnerability Reward Program posting: a zero-click full chain Pixel Titan M2 compromise with persistence.

Google Vulnerability Reward Program Revamp Ups The Android Hacking Ante

I have said it over and over again: hacking is not a crime . Not all hacking is bad, only criminal hacking. Without security researchers legally and ethically finding and disclosing vulnerabilities in the hardware and software we all use, the world would be a much more dangerous place. Vulnerability reward programs, or bug bounties to use the vernacular, are key to keeping on top of security. Which is why Google paid out $17 million last year to those hackers enrolled in its VRP.

In an April 30 bug hunters posting , Google said that it wants to “build on this partnership by continuing to emphasize the highest tiers of rewards across both Android and Chrome.” And, oh boy, is it doing just that.

Promising to reward the “most challenging and impactful vulnerabilities in our products,” as the hacking landscape shifts with the evolution of AI, Google has upped the bounty on a “full chain” zero-click exploit that hits the Titan M security chip in the Pixel smartphone, and does so with persistence, from an already impressive $1 million to a truly staggering $1.5 million. Do the same but without the persistence part, and Google will cough up a none-too-shabby $750,000.

You can find out more about the Google vulnerability reward program and report any security issues you have uncovered here .