Executive Summary
OpenAI has launched a new public Safety Bug Bounty program to complement its existing security bug bounty initiative. This program specifically targets AI abuse and safety risks that could lead to tangible harm, rather than traditional security vulnerabilities. By inviting safety and security researchers to participate, OpenAI aims to proactively identify and address novel issues like agent hijacking, data exfiltration, and platform integrity vulnerabilities in its products.
Key Takeaways
* New Program: OpenAI has launched a public Safety Bug Bounty program, which operates alongside its existing Security Bug Bounty program.
* Distinct Focus: The program specifically rewards the discovery of AI abuse and safety risks, such as flaws that could lead to real-world harm, even if they aren't conventional security vulnerabilities.
* In-Scope Issues: Eligible reports include reliable agent hijacking (prompt injection), models leaking proprietary reasoning information, and bypassing platform integrity controls like anti-automation or account bans.
* Out-of-Scope Issues: General "jailbreaks" that result in rude language or easily accessible information are explicitly out of scope for rewards under this program.
* Participation: Interested researchers and ethical hackers can apply to participate through the official Safety Bug Bounty program page.
Strategic Importance
This initiative formalizes a channel for addressing AI-specific exploits, demonstrating OpenAI's proactive stance on safety beyond traditional cybersecurity. It allows the company to leverage the external research community to identify and mitigate emerging threats unique to advanced AI systems.