OpenAI's Bug Bounty Program offers up to $20K for reports on bugs in ChatGPT

OpenAI, the company behind ChatGPT, has issued an open challenge to find bugs in its popular AI (artificial intelligence) chatbot. The artificial intelligence company announced a Bug Bounty Program with up to a whopping $20,000 (about £16.010,88) reward up for grabs for individuals who discover bugs in the AI bot.

Notably, OpenAI collaborated with the bug bounty platform Bugcrowd to launch the Bug Bounty Program. The company will pay $200 for discovering low-severity bugs. Likewise, you can make $20,000 for exceptional bug discoveries. In the meantime, OpenAI is sparing no effort to improve its sought-after AI bot, ChatGPT.

Now, OpenAI has urged the global community of ethical hackers, tech enthusiasts, and security researchers to push its AI bot to the limit. The company is hoping this process will help it discover vulnerabilities. This is understandable given that these chatbots could continue garnering popularity in the future. So, they have to be well-engineered.

OpenAI Bug Bounty Program

Despite adopting advanced technology, ChatGPT is still subject to bugs and a slew of other flaws. OpenAI believes "transparency and collaboration" play a vital role in addressing this reality. The company hopes to encourage more people to participate in the programme by offering rewards to those who discover bugs. There are no prizes for guessing that cybercriminals can take advantage of these flaws to deceive netizens.

For instance, scammers are reportedly using ChatGPT-like chatbots to create credible-looking phishing emails. In fact, the company had to temporarily shut down its AI chatbot after a bug enabled some users to access other users' chat histories. A spokesperson confirmed this shred of information to Bloomberg last month. This is a major sign that identifying and addressing vulnerabilities is important.

Moreover, OpenAI could be on the verge of facing the world's first defamation lawsuit over false claims ChatGPT made about regional Australian mayor Brian Hood. ChatGPT users who have discovered bugs in the software can find rules of engagement on the BugCrowd website. The website explains the process of reporting discovered vulnerabilities.

What kind of bugs can you report?

Aside from this, the page explains which issues aren't likely to receive monetary rewards. Apparently, some issues such as getting the AI bot to say bad things are out of scope. Likewise, getting the AI model to "pretend to give you answers to secrets" can't be reported through Bugcrowd. Also, getting the model "to tell you how to do bad things" doesn't count.

You can get ChatGPT to answer some banned questions, but it won't be worth a reward either. The company has explicitly stated that methods that affect the overall user experience are "out of bounds." Moreover, users can only report bugs from their own accounts for the sake of security. If chatbots are going to be an important part of the internet, they need to survive attacks from users trying to break it.

Notably, Bug bounty programmes have gained popularity in recent years. Tech giants like Meta, Microsoft, and Google offer similar programmes, which are designed to encourage security researchers to report security vulnerabilities in a software product. OpenAI's Bug Bounty Program is a proactive approach in terms of identifying and fixing vulnerabilities in ChatGPT's system.

This is also an indication that the company wants to protect the data of its users and keep its software safe. OpenAI considers security important and recognises it as a collaborative effort. In line with this, the company has invited the security research community to take part in its Bug Bounty Program. Also, OpenAI is hiring people to ensure its AI chatbot is secure.

You can apply for the role of Governance, Risk and Compliance Lead, Security Engineer, Detection & Response, and Security Engineer, Offensive by heading to the company's career page.