OpenAI Increases Bug Bounty Rewards to $100,000 for Critical Security Vulnerabilities

OpenAI has significantly raised its maximum bug bounty reward, increasing it fivefold from $20,000 to $100,000 for "exceptional and differentiated" critical security vulnerabilities. This move underscores the company's dedication to cybersecurity and the protection of its vast user base.

A Growing Commitment to Security

With over 400 million users worldwide, spanning businesses, enterprises, and governments, OpenAI continues to reinforce its security infrastructure. The company stated that this substantial bounty increase reflects its commitment to encouraging impactful security research that strengthens user trust and enhances system safety.

"We are significantly increasing the maximum bounty payout for exceptional and differentiated critical findings to $100,000 (previously $20,000)," OpenAI announced. "This increase reflects our commitment to rewarding meaningful, high-impact security research that helps us protect users and maintain trust in our systems."

Limited-Time Bounty Promotions

In addition to raising the maximum bounty, OpenAI has introduced limited-time promotions to further incentivize security researchers. During these promotional periods, qualifying reports within specific categories will receive additional bounty bonuses.

Currently, until April 30, OpenAI has doubled payouts for security researchers who identify and report Insecure Direct Object Reference (IDOR) vulnerabilities in its infrastructure and products. The maximum reward for these specific reports has been set at $13,000.

OpenAI's Bug Bounty Evolution

Since launching its bug bounty program in April 2023, OpenAI has continuously expanded its security initiatives. Initially, the program offered payouts of up to $20,000 for researchers reporting vulnerabilities, bugs, or security flaws within OpenAI's ecosystem through the Bugcrowd crowdsourced security platform.

However, OpenAI has specified that model safety issues, such as jailbreaks and safety bypasses designed to circumvent ChatGPT's safeguards, remain out of scope for the program.

A Response to Past Security Incidents

The company introduced its bug bounty program following a security incident in March 2023, when a ChatGPT payment data leak was attributed to a bug in the open-source Redis client library used by OpenAI. This flaw led to the unintended exposure of chat queries and sensitive subscriber information, including names, email addresses, payment details, and partial credit card information, impacting around 1.2% of ChatGPT Plus subscribers.

By strengthening its bug bounty program and increasing rewards, OpenAI is demonstrating a proactive approach to cybersecurity, fostering collaboration with the ethical hacking community to reinforce its platforms against emerging threats.
