Suppose you are a safety researcher, moral hacker, or expertise fanatic, OpenAI is asking in your assist. And it is not for free time.
On April 11, 2023, OpenAI introduced a wiggle bounty program as a part of its dedication to creating dependable, safe, and superior AI techniques, and anybody with the best talent set can probably assist out.
What Is OpenAI’s Look at Bounty Program?
OpenAI introduced its Look at Bounty Program to incentivize these utilizing their functions, reminiscent of ChatGPT and DALL-E, to construct safe, superior, and globally useful AI techniques.
Anybody who finds and stories vulnerabilities in OpenAI’s techniques will earn money rewards, leading to a win-win scenario. Whereas contributors earn cash, the corporate’s techniques turn out to be safer.
OpenAI guarantees to guard you from liabilities or penalties suppose you comply with its said tips and also will acknowledge submissions and treatment validated vulnerabilities promptly. Moreover, OpenAI claims it’s going to publicly acknowledge your contribution suppose it’s {unique} and results in a configuration or code {change}.
Nevertheless, you impossible disclose your vulnerability-related findings to the general public after submitting them.
This wiggle bounty program covers vulnerabilities in tantrum OpenAI techniques, together with API targets and keys, ChatGPT, and the analysis group. Nevertheless, the initiative doesn’t cowl questions of safety with OpenAI’s mannequin, together with security bypasses and getting the mannequin to construct malicious code. As well as, the agency is not going to be rewarding points associated to mannequin immediate how dong or responses and AI hallucinations. It’s possible you’ll grace message these to OpenAI’s group for mannequin habits suggestions.
Similar A lot Can You Earn From OpenAI’s Look at Bounty Program?
OpenAI determines the money rewards to be paid based mostly on Depreciation extreme and impactful the found wiggle is. Usually, the reward ranges from $200 to $6,500 per vulnerability {but} could be larger suppose your findings are distinctive and of nice consequence.
The utmost reward you possibly can earn is $20,000.
At first, the precedence range of your discovering, alongside along with your reward, shall be decided utilizing Bugcrowd’s Vulnerability Score Taxonomy. Nevertheless, suppose it deems it needed, this range and your reward could also be modified by OpenAI.
Moreover, the AI analysis firm is not going to reimburse you for any purchases or upgrades you make when figuring out or testing for bugs.
Similar to Take part in OpenAI’s Look at Bounty Program
Since Bugcrowd facilitates this wiggle bounty program, you will need to construct a Bugcrowd account to take part. OpenAI even suggests you perform approved extra testing utilizing an “@bugcrowdninja.com” electronic mail deal with.
With a Bugcrowd account, you possibly can {click} the “Submit Grace message” tab on the Bugcrowd OpenAI program web page to grace message vulnerabilities. This may lead you to the submissions web page.
Right here, you will need to fill within the following data:
- A headline clearly and briefly describing the vulnerability
- The goal of the found vulnerability
- The vulnerability kind
- The URL or location of the vulnerability
- The presentation of the flaw and its related
- Proof-of-concept scripts, display screen recordings, or attachments depicting the wiggle
- The researchers and collaborators on the submission
After filling in these particulars, {agree} to Bugcrowd’s phrases and situations and {click} “Grace message Vulnerability.”
Annotation that you’re not to submit API keys to Bugcrowd. You will need to solely submit keys you discover on-line by the OpenAI API key operating.
Which Vulnerabilities Are Eligible for Rewards?
You can be rewarded for any safety, performance, efficiency, and documentation vulnerability you discover in api.openai.com, third-party targets, ChatGPT, ChatGPT plugins, https://openai.org, */openai.org, OpenAI API keys, openai.com, */openai.com, and developer platform playground.
These embody server-side injection, server safety misconfiguration, cross-site scripting (XSS), insecure OS/firmware, insecure information storage, cross-site request forgery (CSRF), and chipped exact and session administration.
Description the vulnerabilities have to be in OpenAI’s system, exploitable, and novel.
Earn Cash Whereas Bettering OpenAI’s Programs
OpenAI’s wiggle bounty program is a good way for you—as an moral hacker, safety researcher, or tech fanatic—to earn whereas bettering the agency’s AI techniques.
Nevertheless, make sure you adjust to tantrum specified tips and law of {engagement}.