OpenAI Will Pay Up to $20K for Catching ChatGPT Bugs
OpenAI is offering cash rewards to those who spot and report problems with ChatGPT and its other generative AI software services. The ‘bug bounty’ program will pay as much as $20,000 total to users who inform the company about security issues, a concern that grew much larger after a cybersecurity expert uncovered a ChatGPT vulnerability that allowed some users to see the titles of other people’s conversations with the AI. A relatively quick resolution couldn’t forestall more scrutiny from government regulators and an outright ban on ChatGPT in Italy.
People experimenting with OpenAI’s models, including ChatGPT and other generative AI tools, can submit any possible vulnerabilities to the company. OpenAI will review the submissions and fix the problem should it agree there is one. Payment depends on how big the bug might have become. Each approved bug report will earn the user anywhere from $200 to $6,500 based on the potential danger. The $20,000 cap suggests OpenAI doesn’t expect many truly enormous security issues. OpenAI is running the glitch hunt and rewards setup through the bug bounty platform Bugcrowd.
“The OpenAI Bug Bounty Program is a way for us to recognize and reward the valuable insights of security researchers who contribute to keeping our technology and company secure. We invite you to report vulnerabilities, bugs, or security flaws you discover in our systems. By sharing your findings, you will play a crucial role in making our technology safer for everyone,” OpenAI explained in its announcement. “We recognize the importance of your contributions and are committed to acknowledging your efforts. At OpenAI, we recognize the critical importance of security and view it as a collaborative effort. We invite the security research community to participate in our Bug Bounty Program.”
ChatGPT Privacy Problems
The ChatGPT conversation title leak likely prompted the new bounty program. Gil Nagli, CEO of cybersecurity software firm Shockwave.cloud, first reported the issue and specifically criticized OpenAI’s lack of a bug bounty program in his initial discussion of the flaw. Nagli did write approvingly of OpenAI’s speed at closing the hole in its security: 45 minutes for the first patch and 90 minutes for the remainder. Italy’s move to ban ChatGPT sparked a larger rush for more oversight in Europe and the U.S. Nagli is pleased with the initial rollout of the bug bounty program, boasting of receiving $300 for his work so far and being among the first to participate.
Decided to take additional look on #ChatGPT and reported ~3 additional bugs until now with different severities, probably scooped the first reward from their program so that’s nice little history to have : ) pic.twitter.com/d61v4KjHaN
— Nagli (@naglinagli) April 11, 2023