OpenAI Unveils New Bug Bounty Program to Fortify Cybersecurity

To strengthen the security of its state-of-the-art line of products, OpenAI has launched a novel bug bounty program, inviting registered security specialists to identify and report potential system flaws.

The program boasts attractive incentives, starting at $200 for less significant bugs and reaching an impressive $20,000 for critical vulnerabilities.

OpenAI said its latest initiative signifies its dedication to cybersecurity as the organization acknowledges the hazards associated with the swift advancement and widespread adoption of artificial intelligence technologies.

By motivating highly skilled security researchers to examine its systems for weaknesses, OpenAI said it aims to address security risks and maintain the confidence of its users.

“We believe that transparency and collaboration are crucial to addressing this reality,” reads OpenAI’s announcement. “That’s why we are inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help us identify and address vulnerabilities in our systems. We are excited to build on our coordinated disclosure commitments by offering incentives for qualifying vulnerability information. Your expertise and vigilance will have a direct impact on keeping our systems and users secure.”

The bug bounty program welcomes registered security experts worldwide to submit their discoveries through Bugcrowd, a well-established crowd-sourced security platform.

Once a submission is received, the organization's cybersecurity team will assess the reports. If a vulnerability is deemed legitimate, the researcher will receive a reward based on the severity and potential consequences of the issue.

The rewards are tiered in various ways, depending on the product that harbored the vulnerability and the severity of the flaw. The company also listed out-of-scope scenarios that would not be rewarded, such as:

• Brute-forcing APIs, DDoS, password-spraying, fuzzing
• Attacks against OpenAI personnel (social engineering, phishing)
• Exploits using leaked or stolen credentials
• Clickjacking
• Attacks on systems not explicitly mentioned as “in-scope” by the bug bounty program
• Spam or attacks against email servers and protocols

OpenAI's bug bounty program is intended as an ongoing initiative to consistently enhance its products' security. The organization aspires to cultivate a collaborative environment for identifying and addressing potential threats by involving cybersecurity experts worldwide.