CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Artificial Intelligence·Vulnerabilities

OpenAI Launches Bug Bounty Program for Abuse and Safety Risks

Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek.

OpenAI

OpenAI has announced a new public safety bug bounty program focused on AI-specific abuse and safety risks in its products.

The new program complements OpenAI’s existing security bug bounty program and is open to issues that do not meet the criteria for a security vulnerability.

“Submissions will be triaged by OpenAI’s Safety and Security Bug Bounty teams and may be rerouted between the two programs depending on scope and ownership,” OpenAI says.

AI-specific safety scenarios covered by the new program include third-party prompt injection and data exfiltration attacks, disallowed actions performed by agentic OpenAI products on the company’s website at scale, and other harmful actions performed by the products.

The program also accepts submissions regarding issues that lead to the exposure of OpenAI’s proprietary information, as well as weaknesses in account and platform integrity.

“If researchers identify flaws that facilitate direct paths to user harm and actionable, discrete remediation steps, these may be considered in scope for rewards on a case-by-case basis,” OpenAI notes.

The program runs on Bugcrowd and follows the same rules as the company’s security bug bounty program, with several additions.

Per the rules, design and implementation issues in OpenAI products that could lead to material harm are within the scope of the program, including flaws resulting in abuse protection bypasses.

Researchers are encouraged to identify abuse risks in agentic OpenAI products that perform actions on behalf of the user or access data as the user, including Atlas Browser, Codex, Operator, Connectors, and other ChatGPT tools.

Vulnerabilities in connectors and MCP integrators that can be abused to cause material harm are also accepted.

Researchers may earn up to $7,500 for reports that detail consistently reproducible issues of high severity, and which include a clear set of recommended steps or mitigations. However, OpenAI says reward decisions and amounts are up to its discretion.

Related: Google Paid Out $17 Million in Bug Bounty Rewards in 2025

Related: OpenAI Rolls Out Codex Security Vulnerability Scanner

Related: Microsoft Bug Bounty Program Expanded to Third-Party Code

Related: From Open Source to OpenAI: The Evolution of Third-Party Risk

Latest News

CYBERNEWSMEDIAPublisher