OpenAI has introduced a new public initiative called the Safety Bug Bounty program to identify and mitigate AI-related abuse and safety risks within its products. This program is hosted on Bugcrowd and represents a significant effort by OpenAI to address vulnerabilities that extend beyond traditional security concerns but still pose substantial real-world threats.
Integrating AI Safety with Existing Security Measures
The Safety Bug Bounty program aims to complement OpenAI’s existing Security Bug Bounty initiative by accepting reports that highlight significant abuse and safety risks, even if they do not fit the typical criteria for security vulnerabilities. Submissions will be jointly assessed by OpenAI’s Safety and Security Bug Bounty teams and may be redirected based on the issue’s scope and relevance.
Key Areas of AI-Specific Risks
The program addresses several defined categories of AI-specific safety scenarios. A major focus is on agentic risks, such as third-party prompt injection and data exfiltration, where attacker-controlled text could potentially hijack AI agents like the Browser or ChatGPT Agent. To qualify, the behavior must be replicable at least 50% of the time, and reports on large-scale harmful actions are also considered.
Another area is the protection of OpenAI’s proprietary information. Researchers can report model generations that inadvertently expose reasoning-related confidential data or other vulnerabilities that compromise OpenAI’s proprietary information.
Exclusions and Additional Opportunities
OpenAI has specified exclusions from the program, such as generic jailbreaks that lead to inappropriate language or reveal publicly available information. Content-policy bypasses without evident safety or abuse implications are also out of scope. However, OpenAI occasionally conducts private bug bounty campaigns targeting specific harm types, inviting researchers to apply when available.
Vulnerabilities that allow unauthorized access to features or data beyond permitted permissions should be directed to the existing Security Bug Bounty program.
Encouraging Safety-Driven Research
The launch of this program signifies a growing awareness of the unique attack surfaces introduced by AI systems, which traditional security frameworks may not adequately address. By promoting safety-centric research alongside conventional vulnerability disclosures, OpenAI is laying the groundwork for a structured approach to AI-specific threat modeling.
Researchers interested in contributing can apply directly through OpenAI’s Safety Bug Bounty page on Bugcrowd. This initiative is part of OpenAI’s commitment to enhancing AI system safety and integrity.
Stay informed by following us on Google News, LinkedIn, and X for daily updates on cybersecurity. Contact us for opportunities to feature your stories.
