OpenAI has unveiled a new bug bounty program offering rewards for security researchers if they can uncover vulnerabilities in its products.
In an announcement on Tuesday, the California-based AI firm said the bug bounty scheme is “essential to our commitment to develop safe and advanced AI” and deliver services that are secure, reliable, and trustworthy.
As part of the initiative, OpenAI said it will offer a tiered reward system based on the severity of bugs uncovered by researchers.
Rewards can range from as little as $200 for low-severity flaws with a maximum reward of $20,000 for “exceptional discoveries”.
“The OpenAI Bug Bounty Program is a way for us to recognize and reward the valuable insights of security researchers who contribute to keeping our technology and company secure,” the firm said in a statement.
“We invite you to report vulnerabilities, bugs, or security flaws you discover in our systems. By sharing your findings, you will play a crucial role in making our technology safer for everyone.”
Researchers participating in the new initiative will be able to disclose vulnerabilities or flaws through a partner organisation, Bugcrowd.
Bugcrowd will manage the submission and reward process, which OpenAI said is designed to “ensure a streamlined experience for all participants”.
ChatGPT vulnerability concerns
The move from OpenAI follows a period of unrest over security-related issues at the generative AI firm, which has close ties with Microsoft.
Last month, the company revealed that a bug in ChatGPT led to a leak of users' data.
RELATED RESOURCE
SOC modernisation and the role of XDR
How to cope with increasing threats and IT sprawl
This flaw meant that ChatGPT Plus users began seeing user email addresses, subscriber names, payment addresses, and limited credit card information.
The issue prompted the company to temporarily take the chatbot offline to work on a fix.
“The bug was discovered in the Redis client open-source library, redis-py,” OpenAI explained in a post at the time.
“As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue.”
-
How to implement a four-day week in techIn-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businessesIn-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Cyber professionals call for a 'strategic pause' on AI adoption as teams left scrambling to secure toolsNews Security professionals are scrambling to secure generative AI tools
-
OpenAI is clamping down on ChatGPT accounts used to spread malwareNews Tools like ChatGPT are being used by threat actors to automate and amplify campaigns
-
Cisco takes aim at AI security at RSAC with ServiceNow partnershipNews The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Bugcrowd’s new MSP program looks to transform pen testing for small businessesNews Cybersecurity provider Bugcrowd has launched a new service aimed at helping MSP’s drive pen testing capabilities - with a particular focus on small businesses.
-
OpenAI announces five-fold increase in bug bounty rewardNews OpenAI has announced a slew of new cybersecurity initiatives, including a 500% increase to the maximum award for its bug bounty program.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
