The artificial intelligence company OpenAI announced that the maximum bug bounty reward for “exceptional and differentiated” serious security vulnerabilities has been increased from $20,000 to $100,000. OpenAI claims that its services and platforms, which are used by 400,000,000 users in businesses, enterprises and governments around the world every week, have been increased from $20,000 to $100,000.
“We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings to $100,000 (previously $20,000),” The company “19459025” said
“This increase reflects our commitment to rewarding meaningful, high-impact security research that helps us protect users and maintain trust in our systems.”
In order to reward high-impact security work, OpenAI will offer bounty bonuses in certain categories as part of its ongoing efforts.
OpenAI, for example, has doubled payouts until April 30 to security researchers who report Insecure Direct Object Reference vulnerabilities (IDOR) in its infrastructure and product, with a maximum of $13000. OpenAI launched a bug bounty program with payouts up to $20,000 in April 2023 for researchers who report security flaws, bugs or vulnerabilities in its product line through the Bugcrowd crowdsourced platform.
According to the company, model safety issues and jailbreaks or safety bypasses used by ChatGPT users in order to trick the Chatbot into ignoring safeguards that OpenAI engineers have implemented are not included. OpenAI announced its bug bounty program a month after a ChatGPT payment leak was revealed. The bug was blamed on an open-source library bug in the platform’s Redis client.
This bug, as disclosed at the time, caused the ChatGPT Service to expose chat queries, personal data, (subscribers names, email addresses and payment addresses) and partial credit card details for approximately 1.2% of ChatGPTPlus subscribers.
