OpenAI will give researchers up to 20k for finding security flaws
ChatGPT, keys, and targets are all open to scrutiny under a new bug bounty program worth up to $20,000
OpenAI, the startup behind the popular ChatGPT AI writer, has announced the launch of a new bug bounty program with some pretty significant rewards for the most “exceptional discoveries.”
Cash-based rewards are set to range from $200 for low-severity findings to as much as $20,000, with participants asked to focus on vulnerabilities, bugs, and security flaws.
The company says it’s doing this to harness a more transparent and collaborative environment which is an important step in opening up the technology amid speculations of potential large language model (LLM) misuse.
OpenAI bounty program
Security researchers, ethical hackers, and technology enthusiasts are all being asked to come together and help OpenAI to find - and understand - its flaws. A dedicated Bugcrowd page has been set up to handle submissions and rewards.
Researchers are being asked not to submit model safety issues via the bug bounty program, and instead to submit them via a separate form. OpenAI says this is because investigating such issues requires huge amounts of research by specialists, and thus beyond the scope of the bounty program that offers up to $20,000.
OpenAI explains: “Model safety issues do not fit well within a bug bounty program, as they are not individual, discrete bugs that can be directly fixed.”
However, other security bugs pertaining to ChatGPT are within the scope for bounties, along with API targets, third-party corporate targets, OpenAI API keys, OpenAI Research Org, and other OpenAI targets. Each category has its own tiers for reward paybacks, and not all are eligible for the full $20,000.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
A full and detailed list of all the aspects both included and excluded from the program is available on the Bugcrowd page.
- Check out the best endpoint protection software
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!