ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws

OpenAI announced a bug bounty program that will pay hackers up to $20,000 for security vulnerabilities found in ChatGPT and other products and OpenAI corporate assets.

OpenAI launches bug bounty program for ChatGPT and other products

OpenAI, the company behind the wildly popular ChatGPT artificial-intelligence (AI) chatbot, on Tuesday launched a bug bounty program offering up to $20,000 for advance notice on security vulnerabilities found by hackers.

The rollout of the new bug bounty program comes on the heels of OpenAI patching account takeover vulnerabilities in ChatGPT that were being exploited in the wild.

The Microsoft-backed AI company plans to offer bounties for bugs in its flagship ChatGPT, along with APIs, API keys, third-party corporate targets and assets belonging to the OpenAI research organization.

The company is specifically looking for security defects in the ChatGPT chatbot, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins and third-party plugins.

The program, which is being managed by BugCrowd, is also looking for security issues in a target group that includes confidential OpenAI corporate information that may be exposed through third parties. 

Some examples of the types of vendors that would qualify in this category include Google Workspace, Asana, Trello, Jira, Zendesk, Salesforce and Stripe, the company said.

OpenAI said the program will offer cash rewards based on the severity and impact of the reported issues. 

“Our rewards range from $200 for low-severity findings to up to $20,000 for exceptional discoveries,” the company said without elaborating on the types of vulnerabilities that would qualify for top-end rewards.

Late last month, OpenAI experienced a data breach caused by a bug in an open source library that resulted in ChatGPT users being shown chat data belonging to others.

The company also patched severe vulnerabilities in late March that could have allowed attackers to take over user accounts and view chat histories.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
