OpenAI has unveiled a new bug bounty program offering rewards for security researchers if they can uncover vulnerabilities in its products.
In an announcement on Tuesday, the California-based AI firm said the bug bounty scheme is “essential to our commitment to develop safe and advanced AI” and deliver services that are secure, reliable, and trustworthy.
As part of the initiative, OpenAI said it will offer a tiered reward system based on the severity of bugs uncovered by researchers.
Rewards can range from as little as $200 for low-severity flaws with a maximum reward of $20,000 for “exceptional discoveries”.
“The OpenAI Bug Bounty Program is a way for us to recognize and reward the valuable insights of security researchers who contribute to keeping our technology and company secure,” the firm said in a statement.
“We invite you to report vulnerabilities, bugs, or security flaws you discover in our systems. By sharing your findings, you will play a crucial role in making our technology safer for everyone.”
Researchers participating in the new initiative will be able to disclose vulnerabilities or flaws through a partner organisation, Bugcrowd.
Bugcrowd will manage the submission and reward process, which OpenAI said is designed to “ensure a streamlined experience for all participants”.
ChatGPT vulnerability concerns
The move from OpenAI follows a period of unrest over security-related issues at the generative AI firm, which has close ties with Microsoft.
Last month, the company revealed that a bug in ChatGPT led to a leak of users' data.
RELATED RESOURCE
SOC modernisation and the role of XDR
How to cope with increasing threats and IT sprawl
This flaw meant that ChatGPT Plus users began seeing user email addresses, subscriber names, payment addresses, and limited credit card information.
The issue prompted the company to temporarily take the chatbot offline to work on a fix.
“The bug was discovered in the Redis client open-source library, redis-py,” OpenAI explained in a post at the time.
“As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue.”
-
Why Dell PowerEdge is the right fit for any data center needAs demand rises for RAG, HPC, and analytics, Dell PowerEdge servers provide the broadest, most powerful options for the enterprise
-
Oracle's huge AI spending has some investors worriedNews Oracle says in quarterly results call that it will spend $15bn more than expected next quarter
-
OpenAI hailed for ‘swift move’ in terminating Mixpanel ties after data breach hits developersNews The Mixpanel breach prompted OpenAI to launch a review into its broader supplier ecosystem
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Pentesters are now a CISOs best friend as critical vulnerabilities skyrocketNews Attack surfaces are expanding rapidly, but pentesters are here to save the day
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
