VRP 2025 Year in Review
… As part of Google's Cybersecurity Awareness Month campaign in October, we hosted our very own security conference in Mexico City, ESCAL8 . …
Search
Google Workspace’s continuous approach to mitigating indirect prompt injections
… From there, new AI vulnerabilities are sourced, reproduced, and catalogued internally to ensure our products are not impacted. Vulnerability catalog All newly discovered vulnerabilities go through a comprehensive analysis process performed by the Google Trust, Security, & Safety teams. …
Vulnerability Reward Program: 2024 in Review
… Since its launch, Google Cloud VRP triaged over 400 reports and filed over 200 unique security vulnerabilities for Google Cloud products and services leading to over $500,000 in researcher rewards. …
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
… U… By Mihai Maruseac Apr 04, 2025 Open Source Security OSV-SCALIBR: A library for Software Composition Analysis In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. …
Google announces Sec-Gemini v1, a new experimental cybersecurity model
… With Sec-Gemini v1, analysts can understand the risk and threat profile associated with specific vulnerabilities faster. If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1 via this form . …
Mitigating prompt injection attacks with a layered defense strategy
… To learn more about Google’s progress and research on generative AI threat actors, attack techniques, and vulnerabilities, take a look at the following resources: Beyond Speculation: Data-Driven Insights into AI and Cybersecurity RSAC 2025 conference keynote from Google’s Threat Intelligence Group … …
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
… Internal Security Design and Privacy Reviews: Our dedicated security and privacy teams thoroughly review the design to ensure it meets our high standards. Internal Penetration Testing: We conduct extensive in-house testing to identify and fix vulnerabilities. …
Introducing OSS Rebuild: Open Source, Rebuilt to Last
… OSV-Scanner and OSV-SCALIBR, together with OSV.dev ar… By Rex Pan & Xueqin Cui Mar 17, 2025 Open Source Security OSV-SCALIBR: A library for Software Composition Analysis In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source d… …
AI threats in the wild: The current state of prompt injections on the web
… To learn more about Google’s progress and research on generative AI threat actors, attack techniques, and vulnerabilities, take a look at the following resources: Google Workspace’s continuous approach to mitigating indirect prompt injections blog post from Google’s GenAI security team Mitigating p… …
Bringing Rust to the Pixel Baseband
… Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is advancing its proactive security measures further. …