OpenAI to pay up to $20,000 for ChatGPT bug bounty program

OpenAI launched a bug bounty program that will pay up to $20,000 to those who discover security flaws. (Photo by Jakub Porzycki/NurPhoto via Getty Images)
OpenAI is offering rewards of up to $20,000 in a bug bounty program to those who discover security flaws in its artificial intelligence systems, including the large language model ChatGPT.

The AI company said in an April 11 blog post announcing the program that the reward amount will be based on the severity and impact of the reported issues, and can range from $200 for "low-severity findings" to $20,000 for "exceptional discoveries."

Bugcrowd, a bug bounty platform, has partnered with the company to handle the submission and reward process.

The announcement arrives amid growing security concerns over the company's widely used ChatGPT model. Last month, the company temporarily shut down the entire ChatGPT system after users reported a bug that allowed them to see others' chatbot conversations. While the company has patched the bug, it admitted that some users' payment information, including the last four digits of their credit card number and card expiration date, may have been exposed.

Three days later, a Twitter user known as rez0 said he found over 80 secret plugins for the ChatGPT API while hacking into the system. In response to the finding, Gal Nagli, an active researcher on Bugcrowd's platform, said on Twitter that he would help the company "catch these edge-cases" in the future if it offered a paid bug bounty program.

The program rewarded 14 vulnerabilities on its first day, with an average payout of $1,287.50. Approximately 75% of submissions are accepted or rejected within three hours, Bugcrowd data showed.