OpenAI has announced the launch of a bug-bounty program to identify vulnerabilities in its systems, aimed at mitigating rising cybersecurity risks.
We’re launching the OpenAI Bug Bounty Program — earn cash awards for finding & responsibly reporting security vulnerabilities. https://t.co/p1I3ONzFJK
— OpenAI (@OpenAI) April 11, 2023
The project is conducted in partnership with the crowdsourcing platform Bugcrowd. Independent researchers may report vulnerabilities in OpenAI’s systems in exchange for cash rewards ranging from $200 to $20 000.
The company said the program is part of its “commitment to developing safe and advanced AI”.
However, the developers listed a number of threats whose discovery will not be rewarded. The official program page notes:
«Issues related to the content of prompts and model responses are strictly out of scope and will not be rewarded unless they have an additional directly verifiable impact on safety within the service».
Issues outside the scope of the program include:
- jailbreaks and security bypasses;
- coercing the model to “say bad things”;
- generation of malicious code.
Some experts заявили, that the initiative is unlikely to fully address the broad range of cybersecurity risks. Rather, the program will help OpenAI reduce the number of internal security issues, they say.
In March, Italian authorities ordered the blocking of ChatGPT for “unlawful collection of personal data”.
Following that, other European regulators allowed the imposition of restrictive measures against the chatbot.