iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Artificial intelligence company OpenAI has announced a bug bounty program for its AI-based products, including ChatGPT.
The program will offer between US$200 to US$6,500 per vulnerability, up to a maximum reward of US$20,000. The bounty program will be run by security start-up Bugcrowd.
“Security is essential to OpenAI’s mission,” OpenAI said on its bug bounty page. “We appreciate the contributions of ethical hackers who help us uphold high privacy and security standards for our users and technology.”
However, there is a swathe of possible vulnerabilities that are not within the scope of the program. Safety issues such as jailbreaking OpenAI’s apps are not part of the program, nor are issues where chatbots can be convinced to “say bad things”, in the words of OpenAI.
“Model safety issues do not fit well within a bug bounty program, as they are not individual, discrete bugs that can be directly fixed,” said OpenAI. “Addressing these issues often involves substantial research and a broader approach. To ensure that these concerns are properly addressed, please report them using the appropriate form rather than submitting them through the bug bounty program.”
The program includes not only OpenAI’s applications but also its website, documentation, and Open AI’s API keys, though the latter also needs to be submitted via a different form.
OpenAI’s bug bounty page has all the reporting and scope details.
Bugcrowd chief information and security officer Nick McKenzie is pleased to be partnering with Open AI.
“Today, OpenAI partnered with Bugcrowd to launch their first bug bounty program,” McKenzie said in a statement. “We invite the researcher community to earn cash awards (up to $20,000 USD) for finding and responsibly reporting security vulnerabilities on its AI systems, including the popular ChatGPT.”
“This initiative is an essential part of our commitment to developing safe and advanced AI,” said OpenAI head of security Matthew Knight.
“As we create technology and services that are secure, reliable and trustworthy, we would like your help.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
