Meta’s commitment to cybersecurity took center stage in 2024 as the tech giant awarded over $2.3 million in payouts to global security researchers participating in its bug bounty program.
Since its inception in 2011, the initiative has grown into a pillar of Meta’s defense strategy, with total payouts now exceeding $20 million.
This annual highlight reflects Meta’s ongoing collaboration with the security research community to enhance the safety and reliability of cutting-edge technologies like Generative AI (GenAI), augmented and virtual reality (AR/VR), and advertising tools.
The company celebrated these contributions at its annual Bug Bounty Summit and other high-profile security events throughout the year.
In 2024, Meta expanded its bug bounty program, bringing in nearly 10,000 reports from security researchers worldwide.
The company awarded bounties on around 600 valid submissions, sharing payouts with nearly 200 researchers from over 45 countries.
Notably, India, Nepal, and the United States emerged as the top three countries in terms of total bounties earned.
Meta doubled down on engaging bug bounty researchers in its generative AI initiatives.
Building on its 2023 launch of generative AI features, the company encouraged submissions of security reports related to its large language models (LLMs).
Researchers were invited to assess privacy or security vulnerabilities, such as training data extraction through model inversion or other sophisticated tactics.
Meta credits its research community with providing impactful reports that bolster the integrity of its GenAI tools.
Meta also targeted its ads audience tools and mixed reality hardware for security improvements.
It introduced specific payout guidelines for vulnerabilities in its advertising tools, offering maximum base payouts of $30,000 for critical issues involving personally identifiable information (PII).
On the hardware front, researchers identified potential issues in Quest devices and other AR/VR technologies.
Meta also showcased its cutting-edge hardware products at conferences like hardwear.io USA, enabling researchers to uncover and address vulnerabilities.
Meta continues to foster collaboration with its global bug bounty community.
In 2024, it hosted the Meta Bug Bounty Researcher Conference (MBBRC) in Johannesburg, South Africa, welcoming 60 top researchers.
The event saw over $320,000 in awards for notable contributions. Looking ahead, the 2025 MBBRC will take place in Tokyo, Japan, signaling Meta’s commitment to expanding its research engagement globally.
The program also celebrated long-time contributors like Philippe Harewood, who reached a 10-year milestone with over 500 valid reports.
His notable accomplishments include research on Instagram access token leaks and Ray-Ban Stories vulnerabilities.
As Meta continues its journey into 2025 and beyond, it remains dedicated to empowering researchers, providing resources for innovative security exploration, and maintaining its platforms’ safety for a global audience.