OpenAI, a research company dedicated to developing reliable, secure, and advanced AI systems, has recently launched a Bug Bounty Program to incentivize those who can help improve the safety and reliability of the company’s applications. Anyone with the right skill set and who discovers and reports any vulnerabilities in OpenAI’s systems, like those of ChatGPT and DALL-E, can earn cash rewards, thus creating a win-win situation for all involved.
OpenAI promises to protect you from liabilities or penalties if you follow their stated guidelines and will also promptly acknowledge and remedy validated vulnerabilities. The company also recognizes individual contribution that is unique and results in a code or configuration change, though you cannot disclose your findings to the public after submitting them. This Bug Bounty Program covers all of OpenAI’s systems, including APIs, targets, and keys, their research organization, and their ChatGPT applications–though not issues related to model prompt content or responses, AI hallucinations, or model safety, such as safety bypasses and malicious code creation.
The reward system for the Bug Bounty Program is determined by the severity and impact of the vulnerability; typically, this can range from $200 to $6,500 per vulnerability but can sometimes be higher, with the total rewards capping at $20,000. The vulnerability levels and rewards are ultimately determined by Bugcrowd’s Vulnerability Rating Taxonomy and OpenAI if they deem it necessary, though they don’t reimburse any purchases or upgrades made in identifying or thereafter testing for bugs.
In order to participate in the program, you will need an account with Bugcrowd, who are facilitating this bounty program. OpenAI suggests you complete additional, authorized testing using an “@bugcrowd.com” email address. After creating this account, you can simply click the “Submit Report” tab on the program’s homepage and fill out the required information, and Bugcrowd’s terms and conditions, to report Bugs and vulnerabilities. The company claims it will promptly remedy validated vulnerabilities.
So if you’re a security researcher, ethical hacker, or technology enthusiast and you have what it takes, you can join OpenAI’s Bug Bounty Program to help improve their systems and get paid for your efforts. Keep in mind all their guidelines and conditions when doing so to make the experience a safe and successful one for all involved.
