OpenAI has partnered with Bugcrowd to launch a bug bounty program, which rewards independent researchers for reporting vulnerabilities in OpenAI's systems, including ChatGPT, its popular AI chatbot. Rewards range from $200 for low-severity findings to $20,000 for exceptional discoveries. The scope of the program covers defects in OpenAI APIs, ChatGPT, third-party integrations, and any of the domains operated by the company. Prohibited categories include model safety, hallucination issues, denial-of-service attacks, brute-forcing OpenAI APIs, and demonstrations that aim to destroy data or gain unauthorized access to sensitive information.
The move comes after OpenAI patched account takeover and data exposure flaws in the platform, which led Italian data protection regulators to temporarily ban ChatGPT on 31 March 2023. To lift the ban, OpenAI must draft and make available an information notice describing the arrangements and logic of the data processing required for the operation of ChatGPT, along with users' data rights. Additionally, the information notice should be readily available for Italian users before signing up for the service. OpenAI has also been ordered to implement an age verification system to filter out users below the age of 13 and have provisions in place to seek parental consent for users aged 13 to 18.
The bug bounty program excludes rewards for model issues, including jailbreaks and getting the models to say or do bad things. Earlier this year, jailbreakers made GPT-3.5 speak slurs and hateful language by giving it the prompt "Do Anything Now" or "DAN". OpenAI's new program awarded 14 vulnerabilities in the first day of the program, with an average payout of $1,287.50. Approximately 75% of submissions are accepted or rejected within three hours.
0 Comments