Ethical Hackers Could Earn up to $20,000 Uncovering ChatGPT Vulnerabilities

OpenAI is offering white hat hackers up to $20,000 to find security flaws as part of its bug bounty program launched on April 11, 2023.

The developers of ChatGPT have announced this initiative as part of their commitment to secure artificial intelligence (AI). The company has been under scrutiny by security experts since the release of its ChatGPT prototype in November 2022.

talk information security, Mike Thompson, Information Security Manager at Zen Internet, said:

Library vulnerability

In its announcement, OpenAI acknowledged that despite heavy investment in research and engineering to ensure the safety and security of AI systems, vulnerabilities and flaws may emerge.

“We believe transparency and collaboration are essential in dealing with this reality. That is why we invited the global community of security researchers, ethical hackers, and tech enthusiasts to identify vulnerabilities in our systems and help us deal with it,” the company said.

On March 23rd, OpenAI announced that it had fixed a ChatGPT4 vulnerability. The vulnerability allowed a user to view the titles of other users' chats during nine hours on March 20th. A bug in the ChatGPT open source library led to the privacy issue.

“This is not the limit of vulnerabilities that have been discovered, nor of vulnerabilities that will exist in the future. This has been tested and true since Netscape started its first bug bounty program in 1995. OpenAI is happy to see this. Information security.

She added that OpenAI CEO Sam Altman is likely aware that it is as much a necessary part of testing as the general public consumes.

The company has partnered with Bugcrowd to manage the submission and reward process.

Bugcrowd Founder and CTO Casey Ellis said: information security, “OpenAI’s decision to actively solicit feedback from the hacker community on the security of their products is extremely important, and we are continually validating hackers as the ‘Internet’s immune system,’ and we appreciate the transparency and transparency of this approach. Accountability goes a long way in continuing to build users’ confidence in a relatively new market. I think all emerging tech companies and categories can learn from this.”

Nikki Webb, Global Channel Manager at Custodian360, emphasizes:

Compensation ranges from $200 for low severity findings to up to $20,000 for exceptional findings. At the time of this writing, over 10 vulnerabilities have been rewarded. As part of the program, ethical hackers are not allowed to release information about discovered vulnerabilities.

The scope of the program includes OpenAI’s API and API keys, ChatGPT, targets of third-party companies associated with OpenAI, OpenAI research organizations, and the OpenAI.com website. The bug bounty program targets traditional software problems, not AI model problems.

Jake Moore, Global Security Advisor at ESET, said that while the bug bounty program won’t address every possible attack vector, it will serve as another tool in the cybersecurity toolkit to prevent new waves of threats.

According to a recent survey by BlackBerry, 51% of security leaders expect ChatGPT to be at the center of successful cyberattacks within a year. The biggest security concern lies in how cyberthreat actors can leverage large language models to launch attacks such as malware development and compelling social engineering fraud.
