OpenAI Launches Its Own Bug Bounty Program

OpenAI, the company behind the ChatGPT AI chatbot, has announced the launch of a bug bounty program, which pays rewards for discovering vulnerabilities. Researchers are promised up to $20,000 for vulnerabilities found in ChatGPT and other OpenAI products and assets.

Let me remind you that we also wrote that Amateur Hackers Use ChatGPT to Create Malware, and also that AI Chatbot Bard from Google Said That He Was Trained on Data from Gmail.

Registered security researchers will be able to search for bugs in the company’s product line and receive rewards for reporting them through the Bugcrowd crowdsourcing platform. The amount of the reward will depend on the severity and potential impact of the discovered issues, ranging from $200 for minor bugs to $20,000 for extremely serious vulnerabilities.

Although the OpenAI Application Programming Interface (API) and the ChatGPT chatbot are part of the bug bounty program, the company is asking researchers to report chatbot AI issues via a separate form if the bugs do not impact security.

“Language model security issues do not fit well into a bug bounty program because they are not separate, isolated bugs that can be fixed directly. Solving these problems often requires serious research and a broader approach. To make sure these issues are properly fixed, please report them using the dedicated form, rather than submitting them through the bug bounty program. By reporting them properly, you allow our researchers to use these reports to improve the model,” says OpenAI.

Other issues that fall outside the scope of the bounty program include jailbreaks and security bypasses that ChatGPT users are using to force the ChatGPT chatbot to ignore rules set by OpenAI engineers.

As a reminder, last month ChatGPT users suffered a data breach in which users saw other people’s AI requests, and some ChatGPT Plus subscribers saw other people’s personal data, including the subscriber’s name, email address, billing address, as well as the last four digits of the bank card number and its expiration date.

As it later turned out, this failure was caused by an error in the Redis open-source client library. Although the company does not link the launch of the bug bounty program to this incident, it is likely that the problem that caused the leak could have been discovered earlier and the leak could have been avoided.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
