Brief IA

OpenAI: A Reward Program to Secure AI

🤖 Models & LLM·Tom Levy·

OpenAI: A Reward Program to Secure AI

OpenAI: A Reward Program to Secure AI
Key Takeaways
1OpenAI has launched a public program to reward the discovery of security vulnerabilities in its AI products.
2This program aims to identify potential abuses and security risks, even in the absence of traditional vulnerabilities.
3Security researchers are encouraged to report specific AI-related issues to help secure OpenAI's systems.
💡Why it mattersThis initiative demonstrates OpenAI's commitment to protecting its users from potential abuses of AI.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

OpenAI Launches an AI Security Bug Bounty Program

OpenAI recently announced the launch of a public bug bounty program focused on security, aimed at identifying and addressing potential abuses related to artificial intelligence. As AI continues to evolve at a rapid pace, the risks of malicious use are also increasing. The primary goal of this program is to ensure that OpenAI's systems remain secure and protected against abuses that could cause real harm.

This program complements the existing security bug bounty initiative at OpenAI. It accepts reports of issues that, while not meeting traditional vulnerability criteria, still present significant risks of abuse and security. OpenAI hopes to collaborate with security and safety researchers to identify and resolve problems that fall outside the realm of classic security vulnerabilities but still pose real threats. Submissions will be reviewed by OpenAI's security bug bounty and safety teams and may be redirected between the two programs based on their nature and significance.

Program Focus

OpenAI's security bug bounty program focuses on specific AI-related scenarios, as outlined below:

  • Agentic Risks, including MCP (Model of Predictive Conduct)

    • Third-party prompt injection and data exfiltration: this occurs when an attacker's text reliably manages to divert a victim's agent, such as products like the browser or ChatGPT agent, to perform a harmful action or disclose sensitive user information. This behavior must be reproducible in at least 50% of cases.
    • An agentic product from OpenAI performs an unauthorized action on the OpenAI website at scale.
    • An agentic product from OpenAI carries out a potentially harmful action not mentioned above. Valid reports must demonstrate plausible and material harm.
    • Any testing for MCP risk must comply with the terms of use of any third party.
  • OpenAI Proprietary Information

    • Model generations that reveal proprietary information related to reasoning.
    • Vulnerabilities that expose other proprietary information from OpenAI.
  • Account and Platform Integrity

    • Vulnerabilities in account and platform integrity signals, such as bypassing anti-automation controls, manipulating account trust signals, evading account restrictions/suspensions/bans, and similar issues.
    • Issues allowing users to access features, data, or functionalities beyond authorized permissions should be reported to the security bug bounty program.

While jailbreaks are excluded from this program, OpenAI periodically organizes private bug bounty campaigns focused on certain types of harm, such as content issues related to biological risks in the ChatGPT agent and GPT-5. Interested researchers are encouraged to apply to these programs when they are available.

Outside of the mentioned categories, if researchers identify defects that facilitate direct pathways to harm for users and discreet, actionable remediation steps, these may be considered eligible for rewards on a case-by-case basis. General content policy workarounds without demonstrable impact on security or abuse are outside the scope of this program. For example, "jailbreaks" that lead to the model using profanity or returning information easily found via search engines are excluded.

Participation in the Program

Researchers wishing to participate can apply through OpenAI's security bug bounty program. OpenAI looks forward to collaborating with researchers, ethical hackers, and the security and safety community to create a secure AI ecosystem.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.