OpenAI launches a bug bounty program for ChatGPT

Helpful submissions can earn up to $20,000.


OpenAI is turning to the public to find bugs in ChatGPT, announcing a "Bug Bounty Program" to reward people who report any security flaws, vulnerabilities or other issues within the AI system.

The bounty is open to anyone from actual researchers to general people who just like exploring technology. Rewards come in the form of cash prizes with "low-severity findings" starting at $200 and "exceptional discoveries" going all the way up to $20,000. Bugcrowd, a bug bounty platform, is handling submissions and payouts.

Google and Apple are among the tech companies that have previously implemented bug bounty programs. In 2019, Google paid out $6.5 million to people who reported issues, giving as much as $201,337 in one reward. Apple went even further to offer up to $2 million for anyone that finds "issues that bypass the specific protections of Lockdown Mode."

ChatGPT has struggled with bugs — last month the entire system went offline after users reported seeing names of conversations they weren't a part of. Then, a few days later, a Twitter user posted that they had found more than 80 secret plugins while hacking ChatGPT.

Not all issues reported to OpenAI will warrant a cash prize, including jailbreaking or getting the model to say or pretend to do anything negative. The company's bug bounty announcement tries hard to show it cares about privacy and security, but also adds, "While we work hard to prevent risks, we can't predict every way people will use or misuse our technology in the real world." Time will tell if this initiative will do anything to prevent it.