OpenAI has set up a bug bounty program for discovering security flaws in its AI models. The program is run in collaboration with security startup Bugcrowd. Content bugs in the models or tools like ChatGPT are not part of the program.
With the bug bounty program, OpenAI aims to detect technical security flaws in its AI models and tools, as well as in related third-party software and tooling.
Errors in the operation of the models or tools, such as wrong answers, biased answers or “hallucinations” of the AI models, are explicitly not covered by the reward program. This is because these errors require more extensive investigation and do not qualify as traditional bugs.
Participants in the program must follow a number of strict ground rules. These allow OpenAI to distinguish between “ethical” and “malicious” hacks.
Among other things, participants must follow policy rules, report discovered bugs and not violate privacy, disrupt systems, destroy data or interfere with the user experience. Any bug discovered must remain confidential until OpenAI indicates it can be presented. OpenAI intends to grant that permission within 90 days of receiving the bug report.
OpenAI and Bugcrowd’s bug bounty program allows security researchers to earn between $200 and $20,000 for the vulnerabilities, bugs or other security flaws they discover. The more severe the bug, the higher the reward.