
OpenAI will now reward you for finding bugs in ChatGPT.
On Tuesday, OpenAI announced a bug bounty program that will reward people between $200 and $20,000 for finding bugs within ChatGPT, the OpenAI plugins, the OpenAI API, and other related services. “We invite you to report vulnerabilities, bugs, or security flaws you discover in our systems,” said the announcement. “By sharing your findings, you will play a crucial role in making our technology safer for everyone.”
OpenAI’s launch of a bug bounty program comes on the heels of a data breach and mounting concern over privacy risks. A few weeks ago, a bug was discovered that exposed chat titles, the first message of new conversations, and payment information from ChatGPT Plus users. OpenAI has also been under intense scrutiny for how it protects user data, especially when it comes to minors. ChatGPT was banned in Italy for this very reason. These issues, plus an open letter signed by Steve “Woz” Wozniak and Elon Musk calling for a six-month pause on AI systems, seem to have prompted OpenAI to publicly assert its commitment to safety.
The bug bounty program is managed by Bugcrowd, which will handle the submissions and rewards. The monetary amount of the reward is based on the severity of the bug. But don’t get too excited yet. There are lengthy guidelines and rules of engagement that spell out what won’t be rewarded. Jailbreaks, “getting the model to say bad things to you,” and hallucinations are explicitly out of scope. Also, don’t try any attacks that may “degrade, disrupt, or negatively impact services or user experience,” like a Denial of Service attack (DDoS), or scams like social engineering or phishing.
At the time of publication, four vulnerabilities have already been rewarded. Let the hunt commence.