OpenAI is a San Francisco-based AI research company that gained popularity with the launch of ChatGPT, an AI conversational tool that has created a buzz around the world. In its latest blog post, OpenAI announced that it is launching a bug bounty program under which users can win up to $20,000.
We're launching the OpenAI Bug Bounty Program — earn cash awards for finding & responsibly reporting security vulnerabilities. https://t.co/p1I3ONzFJK
— OpenAI (@OpenAI) April 11, 2023
The Bug Bounty program
The program is launched in collaboration with Bugcrowd Inc. and is intended to promote “transparency and collaboration.” It has been launched to incentivize researchers and security enthusiasts to find and report any potential security issues in the ChatGPT platform before they can be exploited by malicious actors. The program has several rules and restrictions that participants must abide by. One notable restriction is that the program will not accept any jailbreaks or attempts to bypass security measures. This is also mentioned in the company’s privacy policy and terms of use. The restriction aims to prevent the system from being used for malicious practices.
According to the blog post, OpenAI will provide up to $6,500 per glitch found through its bug bounty program. Under the program, OpenAI will reward people for reporting unique glitches. The rewards will be based on the “likelihood or impact” of each glitch on the platform. Thus, the user who found the glitch will be rewarded highly if the glitch forces developers to change the code. The company will pay $200 for “low-severity findings,” with a maximum bounty of $20,000. Glitches eligible for cash rewards include those in ChatGPT—which is in its research review phase—as well as logins, plug-ins, payment issues, and data exposure. OpenAI has asked that users keep those vulnerabilities confidential until authorized to release them.
Issues with ChatGPT
Last month, payment details and chat histories of some users were leaked from ChatGPT. OpenAI apologized for this and blamed the Redis client open-source library. “The bug was discovered in the Redis client open-source library, redis-py. As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue,” OpenAI said.
In a report published days later, the company revealed that data of roughly 1.2% of Plus subscribers had been compromised. The exposed info included subscriber names, email addresses, payment addresses, and partial credit card information. Because of the bug, ChatGPT Plus subscribers began seeing other users’ email addresses on their subscription pages.
Such bounty programs are held to find these bugs and also to reward the community, which overall leads to better user security and safety.
Conclusion
Bug bounty hunters are excited about OpenAI’s Application Programming Interface (API) and ChatGPT artificial intelligence chatbot. It has attracted the attention of cybersecurity experts and the tech community.
OpenAI’s bug bounty program is a positive step towards ensuring the security and privacy of ChatGPT users.
In the blog post, the company said, “While we work hard to prevent risks, we can’t predict every way people will use or misuse our technology in the real world.” According to the company, it will continue to offer rewards through such programs and will take measures to ensure user security and privacy.