OpenAI is Offering Cash Rewards to Report Bugs

OpenAI is offering to pay users that identify bugs and vulnerabilities up to $20,000, with the average payout at $1,200.

However, its bug bounty program is not looking for issues related to content generated by models, like hallucinations or where ChatGPT says something it is not supposed to, as these are “strictly out of scope.”

Michael Kearns, notable computer scientist from the University of Pennsylvania, had called for the creation of 'bias bounties' paid to users who spot bias in machine learning models.

Instead, OpenAI's program is looking for problems related to logins, subscriptions and its own plugins. It recently launched ChatGPT support for plugins. However, OpenAI said developers are “not authorized” to conduct security testing on plugins created by other entities.

OpenAI also wants developers to find issues with its APIs, including cloud storage accounts and cloud computing servers, such as Azure virtual machines. The OpenAI website and developer documentation are among the targets OpenAI wants internet users to test for vulnerabilities.

OpenAI has teamed up with the crowdsource security platform Bugcrowd to run the program and manage the submission and reward process.

Thus far, 22 vulnerabilities have been rewarded, with bug submissions either accepted or rejected within seven hours. Cash rewards are subject to the severity and impact of the reported issues.

“We invest heavily in research and engineering to ensure our AI systems are safe and secure,” OpenAI said. “However, as with any complex technology, we understand that vulnerabilities and flaws can emerge. We believe that transparency and collaboration are crucial to addressing this reality.”