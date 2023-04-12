As part of its bug bounty program, introduced on April 11, 2023, OpenAI is paying white hat hackers up to $20,000 to discover security holes and vulnerabilities in ChatGPT. The ChatGPT developer introduced the effort as part of its commitment to safe AI. Security professionals have been investigating the company since the ChatGPT prototype was introduced in November 2022.

“It is important that OpenAI runs a bug bounty scheme as a matter of priority,” said Mike Thompson, information security manager at Zen Internet, in a statement to Infosecurity. “As the technology is from November 2022, the insane giddiness that has ensued has completely overshadowed the potential risk.”

We're launching the OpenAI Bug Bounty Program — earn cash awards for finding & responsibly reporting security vulnerabilities. https://t.co/p1I3ONzFJK — OpenAI (@OpenAI) April 11, 2023

OpenAI recognized in its release that, despite significant investment in research and engineering to guarantee the safety and security of its AI systems, vulnerabilities and faults can still occur.

“We think that dealing with this reality requires openness and cooperation,” the company stated. “As a result, we are requesting assistance from the worldwide community of security experts, ethical hackers, and technology enthusiasts to help us find and fix vulnerabilities in our systems.”

On March 23, OpenAI disclosed that it had patched a ChatGPT vulnerability that allowed users to access the titles of other users’ chats for nine hours on March 20. The possibility of privacy issues due to the bug, which was in an open-source library, was also mentioned.

This is not the end of the vulnerabilities that have been discovered, or that ever will be. Launching a bug bounty program is one of the most effective ways for businesses to guarantee the security posture of their products. The approach has been tried, true, and tested since 1995, when Netscape introduced the first bug bounty program. Zaira Pirzada, a cybersecurity advisor at Lionfish Tech, said to Infosecurity, “I’m delighted OpenAI sees this.”

Sam Altman, CEO of OpenAI, is beginning to understand that the general population is just as important to testing as it is to consumption, she continued. To oversee the submission and reward procedure, the company has joined forces with Bugcrowd.

“OpenAI’s decision to actively seek feedback from the hacker community on the security of their products is huge and continuing validation of hackers as ‘the Internet’s Immune System,’ and the transparency and accountability of the approach will go a long way to continuing to build user trust in a relatively new market,” said Casey Ellis, founder and CTO of Bugcrowd, in an interview with Infosecurity. “I believe that this has lessons for all developing technology companies and industries.”

“Bug Bounties’ collaborative approach fosters continuous improvement, safeguards user data, and bolsters overall security in the digital ecosystem,” highlighted Nikki Webb, global channel manager at Custodian360.

The rewards range from $200 for low-severity findings to $20,000 for extraordinary discoveries. As of this writing, more than ten vulnerabilities had received rewards. Ethical hackers participating in the program cannot divulge details about the vulnerabilities they discover.

The program’s scope includes the OpenAI.com website, ChatGPT, third-party business targets associated with OpenAI, the OpenAI research organization, and APIs and API keys. The bug bounty program is only for problems with conventional software, not problems with AI models.

While the bug bounty program won’t cover all potential attack paths, Jake Moore, global security advisor at ESET, emphasized that it functions as another weapon in the cybersecurity armory, averting a new wave of attacks.

According to recent research by BlackBerry, 51% of security leaders anticipate that ChatGPT will be at the center of a successful cyber-attack within a year. The biggest security concerns are about how threat actors might use the large language model to launch attacks, such as creating viruses and running convincing social engineering scams.

Conclusion

OpenAI, a firm conducting AI research, announced the introduction of a new bug bounty program that enables registered security researchers to find vulnerabilities in its product line and get compensated for reporting them via Bugcrowd, a platform for crowdsourced security. According to what the company revealed today, the rewards depend on the reported issues’ impact and severity and range from $200 for low-severity security defects to $20,000 for extraordinary findings.

The OpenAI Bug Bounty Program, according to OpenAI, “is a method for us to acknowledge and reward the valuable insights of security researchers who help to maintain the security of our technology and company.” “We encourage you to report any bugs, security holes, or vulnerabilities in our systems. You will be instrumental in making our technology safer for everyone by disseminating your findings.” Although bounty hunters are interested in the OpenAI Application Programming Interface (API) and its ChatGPT artificial intelligence chatbot, the company asked researchers to report model concerns via a different form unless they have a security impact.

“Model safety concerns don’t fit well within a bug bounty program since they aren’t specific, isolated bugs that can be repaired straightforwardly. Resolving these difficulties frequently requires extensive research and a more comprehensive strategy,” added OpenAI. “Instead of submitting them through the bug bounty program, kindly report them using the appropriate form to guarantee they are properly addressed. Our researchers can use these reports to enhance the model if you report them where they belong.” Jailbreaks and safety bypasses, which ChatGPT users have been using to mislead the ChatGPT chatbot into disobeying the security measures put in place by OpenAI engineers, are other problems that fall out of scope.