OpenAI’s Bug Bounty Program, which launched on Tuesday, will reward users based on the severity of flaws they disclose, with awards beginning at $200 per vulnerability.
- OpenAI has launched a bug bounty program to encourage ethical hackers, security researchers, and technology enthusiasts to identify and report vulnerabilities in its AI services.
- The bug bounty program is in collaboration with Bugcrowd and includes rewards ranging from $200 to $20,000 based on the severity of the issue.
- Participants must follow specific rules and guidelines, including refraining from violating the privacy, disrupting systems, or destroying data.
- The bug bounty program is crucial to OpenAI’s mission of creating safe and advanced AI, and they also offer safe harbor protection, cooperation, remediation, and acknowledgment for vulnerability research conducted according to their policy and rules of engagement.
What is OpenAI’s Bug Bounty Program?
To uncover faults in ChatGPT, OpenAI is appealing to the public, establishing a “Bug Bounty Program” to compensate those who submit any security flaws, vulnerabilities, or other concerns inside the AI system.
The prize is accessible to anybody, from genuine researchers to ordinary folks who like experimenting with the technology. The awards include cash, with “low-severity discoveries” starting at $200 and “exceptional discoveries” going up to $20,000. Submissions and rewards are handled by Bugcrowd, a bug bounty platform.
Glitches have plagued ChatGPT; last month, the entire site fell after users reported seeing names of chats in which they were not participants. A few days later, a Twitter user said that they had discovered more than 80 hidden plugins when hacking ChatGPT.
This morning I was hacking the new ChatGPT API and found something super interesting: there are over 80 secret plugins that can be revealed by removing a specific parameter from an API call.
The secret plugins include a "DAN plugin", "Crypto Prices Plugin", and many more. pic.twitter.com/Q6JO1VLz5x
— Joseph Thacker (@rez0__) March 24, 2023
Not all faults reported to OpenAI will result in a monetary award, such as jailbreaking or convincing the model to speak or appear to say something nasty.
What are the guidelines for OpenAI’s Bug Bounty Program?
To join the program, certain rules and guidelines must be followed:
- Rules include reporting vulnerabilities promptly, not violating privacy or disrupting systems, using the Bugcrowd program for communication, keeping vulnerability details confidential, and testing only in-scope systems.
- The company also denies safe harbor for vulnerability disclosure conducted under duress.
The OpenAI’s bug bounty program does not provide incentives for model flaws
The corporation said in the comprehensive guidelines for participation that problems related to the substance of model prompts and replies are “strictly out of scope” and would not be rewarded. Jailbreaks and getting the models to say or do horrible things are examples of omitted difficulties.
Jailbreaking is the process of changing a system to circumvent its restrictions, which might result in unfiltered material on ChatGPT. Jailbreakers made GPT-3.5 spout obscenities and nasty words earlier this year by giving it the job of a different AI model with the phrase Do Anything Now or DAN.
“While we work hard to prevent risks, we can’t predict how people will use or misuse our technology daily in the real world”, the page stated, recommending that customers fill out a separate feedback form to express their problems.
In response to a post posted by Alex Albert, a 22-year-old jailbreak prompt enthusiast, Greg Brockman, co-founder and CEO of OpenAI, suggested on Twitter in March that he planned to launch OpenAI’s bug bounty program or a network of red teamers.
Democratized red teaming is one reason we deploy these models. Anticipating that over time the stakes will go up a *lot* over time, and having models that are robust to great adversarial pressure will be critical. Also considering starting a bounty program/network of red-teamers! https://t.co/9QfmXQi9iM
— Greg Brockman (@gdb) March 16, 2023
The reason
The action came only days after ChatGPT was banned in Italy for allegedly violating privacy standards, pushing authorities in other European nations to conduct more research into generative AI services.
ChatGPT has certainly taken the world by storm in recent months, passing an MBA-level test at Wharton, writing a post for Techbriefly, and even pretending to be blind to persuade a human to solve a captcha.
The rapid advancement and efficacy of AI have concerned some experts, so much so that 500 leading engineers (including Elon Musk) have called an AI stop on more powerful systems, citing possible perils in an unclear future for the technology.
Do you want to discover how ChatGPT managed to pass an MBA exam? To find out more, go to:
