We are immersed in an increasingly digitized world in which it is not always easy to predict what will be the next technology that will change new lives (everything seems to indicate that in these times it will be the promising artificial intelligence). But we do have some certainties, and one of them is that there are no 100% secure systems, and this also applies to OpenAI products.
Just like old-school thieves use their lock picking skills to get their precious loot, cybercriminals do the same with computer systems. So you may be wondering what these individuals have in common. The answer is simple: they take advantage of physical or digital vulnerabilities that have not been addressed in time.
In response to this scenario, many companies decide to give prizes to computer bug bounty hunters to avoid security issues with their platforms. This is precisely what the company founded by Sam Altman is doing. In addition to reviewing your systems behind closed doors, it gives the possibility for computer experts from around the world to contribute.
The OpenAI Bug Bounty
The GPT-4 creators, among other AI models, have announced the launch of its ChatGPT Vulnerability Bounty Program (VRP). This Bug Bounty It has a remuneration scheme based on the importance of contributions. Payments range from $200 for low severity discoveries to $20,000 for “exceptional finds.”
As we say, this type of practice is increasingly common among large technology companies, and throughout history we have seen how industry giants such as Apple, Google, Meta or Microsoft have offered rewards of up to $200,000 or more for errors. Of course, there are certain conditions that those interested in participating must meet when testing their systems.
OpenAI has published a list of issues that are outside of its bounty program, including using jailbreaks, forcing model to return inappropriate results, or getting it to write malicious code. In any of these cases, and in others as well, there is no reward. Yes, there is a reward in other types of failures or vulnerabilities.
The artificial intelligence company is interested in discovering authentication problems, exposed data situationsChatGPT Plus payment platform bugs, method of bypassing Cloudflare protection by sending traffic to unprotected endpoints, app crashes, issues with API or with plugins created by OpenAI (not third party ).
For this Bug Bounty, those led by Altman have partnered with Bugcrowd, an old acquaintance in the world of bounties for bugs and vulnerabilities in computer systems (although there are also others like HackerOne and Synack). Those interested can find all the details at the OpenAI profile within the Bugcrowd platformwhich will be in charge of managing shipments and rewards.
Images: nahel abdul hadi / Screenshot of ChatGPT
In Xataka: If ByteDance wants TikTok to continue operating in the US, it’s easy: you just have to sell it
In Xataka: I am a computer scientist and I work reporting software bugs to large technology companies