OpenAI, a highly regarded artificial intelligence (AI) research lab, has recently taken steps to bolster the security of its technology by launching a bug bounty program. The program, run in partnership with the crowdsourced cybersecurity company Bugcrowd, incentivizes independent researchers to report vulnerabilities in OpenAI’s systems, with rewards ranging from $200 to $20,000 depending on severity. Amid a rise in AI-enabled social engineering attacks in recent months, OpenAI’s decision to launch such a program signals an effort to strengthen the security of its widely used language models, such as ChatGPT.
However, the bug bounty program falls short of addressing the wider security threats posed by AI technology. For example, it does not cover ethical concerns related to malicious use of AI, such as the creation of synthetic media through workarounds, which has already been demonstrated. Additionally, the program explicitly excludes issues related to the content of model prompts and responses, a category that could encompass jailbreaks, safety bypasses, and the generation of malicious code.
OpenAI’s bug bounty program provides an opportunity for the organization to demonstrate its commitment to developing reliable and secure AI technology, while positioning itself as an organization that adheres to generally accepted ethical conduct.
At the same time, the program’s restricted scope indicates that much work remains if the security concerns raised by increasingly powerful AI technology are to be addressed effectively.
OpenAI is a San Francisco-based company focused on research in artificial intelligence and machine learning, co-founded by Elon Musk, Sam Altman, Greg Brockman and others. It has been highly influential in the development of advanced AI tools and models, most notably through its partnership with Microsoft, which has invested billions of dollars in the company and integrates OpenAI’s models into its own products and services.
Rez0, a prominent security researcher, reportedly used an exploit against a GPT-4-powered model to uncover more than 80 unreleased plugins. Rez0’s findings, along with recently discovered workarounds that coax models into producing malicious code, have highlighted the need for stronger security measures around AI and may have helped motivate OpenAI’s bug bounty program.