OpenAI, the company behind the wildly popular ChatGPT artificial-intelligence (AI) chatbot, on Tuesday launched a bug bounty program offering up to $20,000 for advance notice on security vulnerabilities found by hackers.
The rollout of the new bug bounty program comes on the heels of OpenAI patching account takeover vulnerabilities in ChatGPT that were being exploited in the wild.
The Microsoft-backed AI company plans to offer bounties for bugs in its flagship ChatGPT, along with APIs, API keys, third-party corporate targets and assets belonging to the OpenAI research organization.
The company is specifically looking for security defects in the ChatGPT chatbot, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins and third-party plugins.
The program, which is being managed by BugCrowd, is also looking for security issues in a target group that includes confidential OpenAI corporate information that may be exposed through third parties.
Some examples of the types of vendors which would qualify in this category include Google Workspace, Asana, Trello, Jira, Monday.com, Zendesk, Salesforce and Stripe, the company said.
OpenAI said the program will offer cash rewards based on the severity and impact of the reported issues.
“Our rewards range from $200 for low-severity findings to up to $20,000 for exceptional discoveries,” the company said without elaborating on the types of vulnerabilities that would qualify for top-end rewards.
Late last month, OpenAI experienced a data breach caused by a bug in an open source library that resulted in ChatGPT users being shown chat data belonging to others.
The company also patched severe vulnerabilities in late March that could have allowed attackers to take over user accounts and view chat histories.
Related: ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications
Related: Microsoft Puts ChatGPT to Work on Automating Cybersecurity
Related: ChatGPT and the Growing Threat of Bring Your Own AI to the SOC
