OpenAI Launches Bug Bounty Program for Abuse and Safety Risks

Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm.

OpenAI has announced a new public safety bug bounty program focused on AI-specific abuse and safety risks in its products.

The new program complements OpenAI’s existing security bug bounty program and is open to issues that do not meet the criteria for a security vulnerability.

“Submissions will be triaged by OpenAI’s Safety and Security Bug Bounty teams and may be rerouted between the two programs depending on scope and ownership,” OpenAI says.

AI-specific safety scenarios covered by the new program include third-party prompt injection and data exfiltration attacks, disallowed actions performed by agentic OpenAI products on the company’s website at scale, and other harmful actions performed by the products.

The program also accepts submissions regarding issues that lead to the exposure of OpenAI’s proprietary information, as well as weaknesses ...