Synthetic intelligence firm OpenAI has introduced a fivefold improve within the most bug bounty rewards for “distinctive and differentiated” vital safety vulnerabilities from $20,000 to $100,000.
OpenAI says its companies and platforms are utilized by 400 million customers throughout companies, enterprises, and governments worldwide each week.
“We’re considerably rising the utmost bounty payout for distinctive and differentiated vital findings to $100,000 (beforehand $20,000),” the corporate stated.
“This improve displays our dedication to rewarding significant, high-impact safety analysis that helps us shield customers and keep belief in our techniques.”
As a part of ongoing efforts to increase its bounty program and reward high-impact safety analysis, OpenAI can even provide bounty bonuses for qualifying reviews inside particular classes in what it described as “limited-time promotions.”
“Throughout promotional intervals, researchers who submit qualifying reviews inside particular classes will probably be eligible for extra bounty bonuses,” it added.
As an illustration, till April 30, OpenAI has doubled payouts for safety researchers who report Insecure Direct Object Reference (IDOR) vulnerabilities in its infrastructure and merchandise, with a most reward of $13000.
OpenAI launched its bug bounty program in April 2023 with payouts of as much as $20,000 for researchers who report vulnerabilities, bugs, or safety flaws in its product line through the Bugcrowd crowdsourced safety platform.
The corporate says that mannequin issues of safety are out of scope, simply as jailbreaks and security bypasses exploited by ChatGPT customers to trick the chatbot into ignoring safeguards carried out by OpenAI engineers.
OpenAI unveiled its bug bounty program one month after disclosing a ChatGPT cost information leak blamed on a bug in its platform’s Redis consumer open-source library.
As disclosed then, this bug prompted the ChatGPT service to reveal chat queries and private information (subscriber names, e mail addresses, cost addresses, and partial bank card data) for roughly 1.2% of ChatGPT Plus subscribers.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and the right way to defend towards them.
