OpenAI, the firm responsible for the popular chatbot ChatGPT, has launched a new bug bounty program.
It is offering up to US$20,000 to users who report vulnerabilities in its artificial intelligence (AI) systems. The program will provide rewards based on the severity of the bugs reported, starting at US$200 per vulnerability.
Bug bounty programs are widely used by technology companies to encourage programmers and ethical hackers to report bugs in their software systems, helping companies to identify and fix security vulnerabilities before they can be exploited by cybercriminals.
OpenAI has invited researchers to review specific functions of ChatGPT and the framework for how its systems communicate and share data with third-party applications, with the aim of identifying and addressing any potential vulnerabilities.
The program, which will be administered through Bugcrowd, will not accept jailbreaks or text prompts that violate ChatGPT’s rules.
Additionally, it will not accept reports of ChatGPT generating incorrect facts, which can be reported through a separate form. Instead, the bug bounty program will focus on vulnerabilities related to user privacy and cybersecurity on OpenAI’s web domains and APIs.
It also permits users to report bugs related to OpenAI leaking data through third-party vendors or exposed API keys. Participants in the bug bounty program are required to keep vulnerability details confidential until authorised for release by OpenAI’s security team.
The move follows the recent ban of ChatGPT in Italy for a suspected breach of privacy rules, which has prompted regulators in other European countries to scrutinise generative AI services more closely.
Tech leaders have also recently signed an open letter, calling for a pause in AI development and better regulations.
Microsoft Corp-backed OpenAI’s ChatGPT has been a sensation since its launch in November 2022, with many users impressed by its quick responses to questions. However, inaccuracies in its responses have also caused distress for some users.
By launching the bug bounty program, OpenAI hopes to identify and fix any vulnerabilities that could pose a risk to user privacy or the integrity of its systems, ensuring that ChatGPT remains a reliable and secure tool for its millions of users around the world.
Featured Image Credit: SecurityWeek
