OpenAI, the company behind the hugely popular ChatGPT AI chatbot, has launched a bug bounty program to ensure the system is “safe and secure.”
To do so, the company has partnered with crowdsourced security platform Bugcrowd to allow independent researchers to report vulnerabilities found in their products, in return for “low-severity findings starting at $200. Received rewards ranging up to $20,000 for exceptional discoveries.
Please note that the program does not cover model safety or hallucination issues where chatbots are encouraged to generate malicious code or other erroneous output. Substantial research and a broader approach are often needed to address the problem.”
Other prohibited categories include Denial of Service (DoS) attacks, OpenAI API brute force attacks, and demonstrations aimed at destroying data or gaining unauthorized access to sensitive information.
“Please note that approved tests are not exempt from all OpenAI terms and conditions,” the company warns. “Abusing the service may result in rate limiting, blocking, or banning.”
However, it covers flaws in any of the OpenAI API, ChatGPT (including plugins), third-party integrations, OpenAI API key disclosure, and company-operated domains.
The development comes in response to OpenAI’s patching of the platform’s account takeover and data breach flaws, prompting Italian data protection regulators to take a closer look at the platform.
Italian data protection authority proposes measures to lift ChatGPT ban
Garante, which temporarily banned ChatGPT on March 31, 2023, outlines a series of measures that Microsoft-backed companies must agree to implement by the end of the month to lift the suspension.
“OpenAI should draft and make available on its website an information notice explaining the data processing arrangements and logic necessary for the operation of ChatGPT, along with the rights conferred on data subjects,” Garante said. I’m here.
Learn How to Secure Your Identity Perimeter – A Proven Strategy
Improve your business security in our upcoming expert-led cybersecurity webinar: Exploring Identity Perimeter Strategies!
Don’t miss it – secure your seat!
Additionally, information notices should be readily available to Italian users prior to signing up for the service. User must also declare that she is over the age of 18.
OpenAI will also implement an age verification system by September 30, 2023 to exclude users under the age of 13 and have provisions for requiring parental consent for users between the ages of 13 and 18. was ordered. Submit a plan for an age-restriction system.
As part of our efforts to enforce their data rights, both users and non-users of the Service may request “correction of their personal data” if it was incorrectly generated by the Service, or if correction is technically infeasible. If so, you can erase the data.
According to Garante, non-users should also be provided with easily accessible tools to object to personal data processed by OpenAI’s algorithms. The company also plans to run an advertising campaign by May 15, 2023 to “notify individuals about the use of their personal data for training algorithms.”
