Saved February 14, 2026
Meta's Bug Bounty Program marked its 15th anniversary, awarding over $4 million in bounties this year alone and more than $25 million since its start. The program is expanding with a new pilot for experienced researchers and highlighting significant findings, including vulnerabilities in WhatsApp and Oculus.
Meta's Bug Bounty Program is celebrating its 15th anniversary in 2025, highlighting significant achievements and updates. This year alone, the program awarded over $4 million for nearly 800 valid bug reports, contributing to a total of more than $25 million given to researchers since its inception. The program has engaged over 1,400 researchers from 88 countries, many of whom have transitioned into roles within Meta's security and engineering teams.
A key development this year is the pilot of a specialized research track aimed at experienced researchers and academics focusing on platform abuse. This initiative includes internal engineering support and aims to make participation easier for those unfamiliar with bug bounty programs. Meta is also introducing the WhatsApp Research Proxy, a tool designed to facilitate research on WhatsApp's network protocol, which has proven challenging for researchers. This tool is currently in the testing phase with select long-time bug bounty participants.
Among the notable findings in 2025, researchers from the University of Vienna identified a method for enumerating WhatsApp accounts at scale, using publicly available information without compromising user privacy. This discovery led to new anti-scraping protections. Additionally, an internal analyst discovered an incomplete validation bug in WhatsApp that could have allowed the processing of malicious content; it has since been patched. Security researcher RyotaK reported a serious issue with Unity applications on Quest devices, leading to a fix from Unity and an OS-level patch from Meta. These collaborations underscore the effectiveness of the Bug Bounty Program in enhancing platform security.