OpenAI is now offering a Bug Bounty Program

OpenAI is partnering with Bugcrowd to identify and incentivize finding bugs. They invite the global community of security researchers, ethical hackers, and technology enthusiasts to help identify and address vulnerabilities in their systems.

The program recognizes and rewards security researchers who report vulnerabilities, bugs, or security flaws in their systems. The rewards range from $200 to up to $20,000 based on the severity and impact of the reported issues. OpenAI views security as a collaborative effort and invites the security research community to participate in the program. They are also hiring for open security roles on their careers page.

This is exciting. Can I use my bug finder bot, built with GPT-4?

What constitutes a bug? I have found that Web links provided by ChatGPT as references don’t link to meaningful information. Is that a bug? Are biographical and historical inaccuracies bugs? Almost every query produces those. Please clarify if you are able.

Hey Steven and welcome to the forum

Your question is quite a common one, so I’ll just copy paste from the bug bounty description:

Examples of safety issues which are out of scope:

  • Jailbreaks/Safety Bypasses (e.g. DAN and related prompts)
  • Getting the model to say bad things to you
  • Getting the model to tell you how to do bad things
  • Getting the model to write malicious code for you

Model Hallucinations:

  • Getting the model to pretend to do bad things
  • Getting the model to pretend to give you answers to secrets
  • Getting the model to pretend to be a computer and execute code

For model related issues, please report them here: Model behavior feedback

Btw could we get this community forum site added to the list of out of scope sites?

The community is running on “Discourse”, and we’ve already seen a lot of junk/spam posts over the last 24 hours.

If there’s a bug on a Discourse forum site, you can report it at

This is off-topic so if the OP desires it be moved, feel free to ask for it to be moved. If I were a Discourse admin or high level user here I would do it automatically.

One of the first lines of defense against spam on a Discourse site is Akismet.

  • The next quickest method is to have a highly trusted user flag the post and it will be hidden immediately.
  • The next quickest method is to have three users flag the post and it will be hidden. Also, flags are hidden from other users, so if you want others to add another flag, note that you flagged it. Personally I don’t mind if my flags for spam are seen publicly so that others can count the flags and know to add an additional flag.


Akismet is already doing its thing on the forum, and flagging is great, but I don’t think it’s as effective when we have explosive growth in the amount of forum users :laughing:

