OpenAI to Offer Rewards Up to $20,000 for Reporting ChatGPT Vulnerabilities

Published on: April 13, 2023
Last Updated: April 13, 2023

OpenAI to Offer Rewards Up to $20,000 for Reporting ChatGPT Vulnerabilities

Published on: April 13, 2023
Last Updated: April 13, 2023

OpenAI introduced a Bug Bounty Program on Tuesday, which will compensate individuals with $200 to $20,000 for identifying bugs in ChatGPT, OpenAI plugins, the OpenAI API, and other relevant services.

The program offers varying rewards, starting from $200 for identifying “low-severity findings” to $20,000 for discovering “exceptional vulnerabilities.”

Reports can be submitted through the cybersecurity crowdsourcing platform Bugcrowd.

“The ultimate goal of OpenAI is to create AI systems that benefit everyone,” the Microsoft-backed company stated.

“To that end, we invest heavily in research and engineering to ensure our AI systems are safe and secure. However, as with any complex technology, we understand that vulnerabilities and flaws can emerge.”

OpenAI expressed appreciation to security researchers interested in joining the program, stating, “We recognize the critical importance of security and view it as a collaborative effort. By sharing your findings, you will play a crucial role in making our technology safer for everyone.”

It is worth noting that the bounty program does not offer rewards for jailbreaking ChatGPT or inducing it to produce malicious code or text.

OpenAI’s Bugcrowd page states, “Issues related to the content of model prompts and responses are strictly out of scope and will not be rewarded.”

Jailbreaking ChatGPT typically involves entering complex scenarios into the system to bypass its own safety filters.

These scenarios may include instructing the chatbot to act as its “evil twin,” allowing users to elicit prohibited responses such as hate speech or instructions on making weapons.

OpenAI’s bug bounty program is not the first of its kind, as other companies have also offered monetary rewards to individuals who identify bugs in their systems.

Some of the companies that have implemented similar initiatives include Amazon, AT&T, Bumble, BuzzFeed, Chime, Coinbase, and Google Chrome.

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Husain Parvez

Husain has been around the internet ever since the dial-up days and loves writing about everything across the technosphere. He loves reviewing tech, writing about VPNs, and covering Cybersecurity news.