OpenAI Will Give A Prize Of Up To IDR 298 Million For Anyone Who Finds A Vulnerability In ChatGPT

OpenAI will pay security researchers up to 20,000 US dollars (IDR 298 million) that can find vulnerabilities in AI systems. (photo: dock. unsplash)

JAKARTA - OpenAI has just announced that it will pay security researchers up to US$20,000 (IDR 298 million) who can find vulnerabilities in its artificial intelligence (AI) systems.

Through the OpenAI Bug Bounty program, registered security researchers will be offered a bounty based on the severity of the bug they report.

Prizes are awarded starting from 200 US dollars (IDR 2.9 million) for the lowest level of severity and those who are extraordinary will get IDR 298 million.

They can report it through the crowdsourced security platform Bugcrowd. According to the details, OpenAI invites researchers to review certain functionality of ChatGPT and the framework for how enterprise systems communicate and share data with third-party applications.

OpenAI stated, this program aims to provide a container for the expertise and awareness that security researchers have, with the hope that it will have a direct impact on maintaining system and user security.

"The OpenAI Bug Bounty Program is a way for us to recognize and reward valuable insights from security researchers who contribute to keeping our technology and company safe," said OpenAI in a company blog post, quoted Wednesday, April 12.

"We invite you to report any vulnerabilities, bugs or security flaws you find in our systems. By sharing your findings, you will play an important role in making our technology safer for everyone."

For your information, issues related to the content of request and response models are completely outside of this program, and will not be rewarded unless they have an additional, directly verifiable security impact on in-scope services.

Safety issues that are beyond the scope of this program, including jailbreak or safety bypass, getting models to say bad things, getting models to tell how to do bad things, and getting models to write malicious code.

The move comes after OpenAI last month disclosed a ChatGPT payment data leak, which the company blamed on a bug in the open-source Redis client library used by its platform.

Due to the bug, ChatGPT Plus subscribers started seeing other users' email addresses on their subscription page. Following an increasing stream of user reports, OpenAI took the ChatGPT bot offline to investigate the problem, as reported by BleepingComputer.