AI research company OpenAI announced today the launch of a new bug bounty program to allow registered security researchers to discover vulnerabilities in its product line and get paid for reporting them via the Bugcrowd crowdsourced security platform.
“The OpenAI Bug Bounty Program is a way for us to recognize and reward the valuable insights of security researchers who contribute to keeping our technology and company secure,” OpenAI said.
“Model safety issues do not fit well within a bug bounty program, as they are not individual, discrete bugs that can be directly fixed. Addressing these issues often involves substantial research and a broader approach,” OpenAI said.
Last month, OpenAI disclosed a ChatGPT payment data leak the company blamed on a bug in the Redis client open-source library bug used by its platform.
“The bug was discovered in the Redis client open-source library, redis-py. As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue,” OpenAI said.
While the company didn’t link today’s announcement with this recent incident, the issue would’ve potentially been discovered earlier, and the data leak might’ve been avoided if OpenAI already had a running bug bounty program to allow researchers to test its products for security flaws.
