OpenAI launches $20k Bug Bounty Program to make its products safer

The company is offering rewards 'for exceptional discoveries'.
Ameya Paleja
OpenAI wants security researchers to look at bugs in its code

sestovic/iStock 

OpenAI, the creator of conversational chatbot ChatGPT, has announced a Bug Bounty program where users can report "vulnerabilities, bugs, or security flaws" and be financially rewarded for finding them. The company has announced rewards ranging from $200 to $20,000 depending on the severity of the flaw and teamed up with a popular bug-finding platform to streamline the process.

OpenAI's ChatGPT has ushered in a race for artificial intelligence (AI) models that provide comprehensive solutions to user queries and can even simulate intriguing imagery with the help of a few text prompts.

While the technology is advancing at a breathtaking pace and producing some mind-boggling results, there are also concerns about these products' safety. AI researchers like Stuart Russell have warned that, if left unchecked, the rise of AI could result in a Chernobyl-like incident for the tech industry.

OpenAI's Bug Bounty Program

OpenAI has been looking to assure its users that products are safe and are extensively tested before being released to the public. With the Bug Bounty program, the company acknowledges that its systems can have flaws and vulnerabilities and is looking to collaborate with experts beyond its organizational domain to find and fix them.

In a blog post, OpenAI said that it was inviting the security research community to participate and report flaws in its system to make it safer for all. The company has also provided incentives on the basis of the severity of the flaws discovered.

Exceptional bug spotting could get one $20,000 as reward

Low-severity findings could fetch a reward of $200, while exceptional discoveries could get a reward of up to $20,000. Bugcrowd, a leading bug bounty platform, handles the bug submission and reward process.

According to Bugcrowd's webpage on the program, issues related to the content of model prompts or responses, such as getting the model to write malicious code or say bad things, are not part of the program's scope.

In scope are API targets, ChatGPT, third-party corporate targets that could potentially expose OpenAI's confidential information, and OpenAI API keys. The validation of the bug is completed in about two hours. So far, 14 vulnerabilities have been rewarded with an average payout of nearly $1,300.

Participation in the Bug Bounty Program also means that users cannot disclose vulnerabilities they find to the public. Although OpenAI has called for transparency through this collaboration, it is unclear whether the company plans to list the vulnerabilities once they are fixed.
