Google Cloud Awarded $313,337 In Bug Bounties in 2022

Written by Staff
    Google Cloud has announced its 2022 bug bounty report, revealing it awarded researchers some $313,337.

    Bug bounties are a popular way for companies to find bugs and security vulnerabilities, paying researchers to find and report them before bad actors can exploit them. Google Cloud unveiled its VRP Prize program in 2019, but the company says 2022 saw an increase in collaboration between researchers, leading “to more detailed and complex vulnerability reports.”

    The top prize was awarded to Yuval Avrahami, and came in at $133,337:

    Yuval Avrahami for the report and write-up Privilege escalations in GKE Autopilot. Yuval’s excellent write-up describes several attack paths that would allow an attacker with permission to create pods in an Autopilot cluster to escalate privileges and compromise the underlying node VMs. While these VMs are accessible to customers in GKE Standard, this research led to several hardening improvements in Autopilot that make it a better secure-by-default Kubernetes offering.

    Second and third place paid $73,331 and $31,337 respectively.

    The company emphasized the overall success of its program:

    2022 was a successful year for Google’s Vulnerability Reward Programs (VRPs), with over 2,900 security issues identified and fixed, and over $12 million in bounty rewards awarded to researchers. A significant amount of these vulnerability reports helped improve the security of Google Cloud products, which in turn helps improve security for our users, customers, and the Internet at large.
