Building the world’s most effective security research community
Google relies on thousands of independent security researchers — “bug hunters” — to find and report vulnerabilities across its products.
Google wanted to create a modern, centralised platform that celebrated the community, streamlined reporting, and made it easier for both new and veteran hunters to do their best work.
Our approach
We started where it mattered most — with the people.
Over several months, we conducted in-depth research with:
The community
From first-time hunters to world-leading experts. We interviewed researchers in multiple countries, gathering stories about their experiences, frustrations, and motivations.
The business
Engaging Google’s internal security teams to understand the operational, technical, and cultural requirements of the platform.
In the field
Attending a Capture the Flag (CTF) event to see bug hunting in action. This gave us a front-row seat to the tools, workflows, and problem-solving techniques that define the practice.
The insights shaped every aspect of the redesign, from navigation and reporting flows to the tone, accessibility, and recognition features.
What we learned
Clarity and
speed
The quicker they can report, the faster they can move to the next challenge.
Recognition and reward
Public leaderboards, badges, and community highlights drive engagement
Learning is constant
Even experts want new challenges, resources, and opportunities to improve.
Accessibility matters
The platform had to work for a global audience with varying languages, devices, and connection speeds.
The impact
The result was a platform that made Google’s products safer for billions of users and strengthened the bond between Google and its most dedicated security partners.