OpenAI has unveiled a new bug bounty program offering rewards for security researchers if they can uncover vulnerabilities in its products.
In an announcement on Tuesday, the California-based AI firm said the bug bounty scheme is “essential to our commitment to develop safe and advanced AI” and deliver services that are secure, reliable, and trustworthy.
As part of the initiative, OpenAI said it will offer a tiered reward system based on the severity of bugs uncovered by researchers.
Rewards can range from as little as $200 for low-severity flaws with a maximum reward of $20,000 for “exceptional discoveries”.
“The OpenAI Bug Bounty Program is a way for us to recognize and reward the valuable insights of security researchers who contribute to keeping our technology and company secure,” the firm said in a statement.
“We invite you to report vulnerabilities, bugs, or security flaws you discover in our systems. By sharing your findings, you will play a crucial role in making our technology safer for everyone.”
Researchers participating in the new initiative will be able to disclose vulnerabilities or flaws through a partner organisation, Bugcrowd.
Bugcrowd will manage the submission and reward process, which OpenAI said is designed to “ensure a streamlined experience for all participants”.
ChatGPT vulnerability concerns
The move from OpenAI follows a period of unrest over security-related issues at the generative AI firm, which has close ties with Microsoft.
Last month, the company revealed that a bug in ChatGPT led to a leak of users' data.
RELATED RESOURCE
SOC modernisation and the role of XDR
How to cope with increasing threats and IT sprawl
This flaw meant that ChatGPT Plus users began seeing user email addresses, subscriber names, payment addresses, and limited credit card information.
The issue prompted the company to temporarily take the chatbot offline to work on a fix.
“The bug was discovered in the Redis client open-source library, redis-py,” OpenAI explained in a post at the time.
“As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue.”
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Bugcrowd’s new MSP program looks to transform pen testing for small businessesNews Cybersecurity provider Bugcrowd has launched a new service aimed at helping MSP’s drive pen testing capabilities - with a particular focus on small businesses.
-
OpenAI announces five-fold increase in bug bounty rewardNews OpenAI has announced a slew of new cybersecurity initiatives, including a 500% increase to the maximum award for its bug bounty program.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
