OpenAI has rolled out a public bug bounty program aimed at addressing abuse and safety risks specific to its artificial intelligence products. This initiative seeks to involve the public in identifying potential vulnerabilities that may not fit traditional security criteria, thereby enhancing the overall safety of its offerings.
Program Structure and Goals
The latest program complements the existing security bug bounty initiative at OpenAI. It is designed to cover issues that do not meet standard security vulnerability requirements. OpenAI’s Safety and Security Bug Bounty teams will assess submissions, and they may reassign them based on their nature and ownership scope.
Issues that fall under AI-specific safety scenarios include third-party prompt injection attacks and unauthorized data access through OpenAI’s website. In addition, harmful actions executed by OpenAI’s agentic products are also under scrutiny.
Scope of the Program
The program welcomes reports on vulnerabilities that expose proprietary information or compromise account and platform integrity. OpenAI emphasizes that if researchers discover flaws leading directly to user harm with actionable solutions, these will be evaluated for potential rewards.
Hosted on Bugcrowd, the program follows the rules of OpenAI’s security bug bounty scheme, with some new additions. It includes design and implementation flaws that could lead to significant harm, such as bypassing abuse protections.
Participation and Rewards
Researchers are encouraged to identify abuse risks in agentic OpenAI tools such as Atlas Browser, Codex, and ChatGPT. Vulnerabilities in connectors and MCP integrators that can be leveraged for material harm are also of interest.
The program offers rewards of up to $7,500 for submissions that clearly define high-severity, reproducible issues along with recommended mitigation steps. However, the final decision on reward eligibility and amounts rests with OpenAI.
By launching this program, OpenAI aims to bolster the safety of its AI technologies, inviting external experts to help identify and mitigate risks proactively. This collaborative approach seeks to ensure that AI advancements are secure and reliable for all users.
