Anyone who has ever interacted with ChatGPT, the incredible AI-powered chatbot, can attest to its impressive abilities, but also it’s potential to make astonishing mistakes. Coupled with concerns about the security and confidentiality of the service, this creates a digital Dr. Jekyll and Mr. Hyde that is both terrifying and alluring. To address these issues, OpenAI has come up with a solution: to directly reward bug hunters who help improve the program.
The initiative called the Bug Bounty Program, is hosted on BugCrowd. This platform serves as an intermediary between developers and users. The idea is essentially the same as with a regular bug tracker; when a user comes across a bug or security vulnerability, they can open a ticket to document it rigorously. A developer can then review the report to fix the problem.
The difference is that BugCrowd doesn’t rely on people’s goodwill; it offers a cash reward for any feedback that directly contributes to the resolution of a bug, depending on its severity. This approach has worked well for digital titans who can afford to devote considerable sums to this activity. According to Bleeping Computer, for example, Google has already paid out over $12 million to third parties in this way. A particularly critical contribution was even paid out to the tune of $605,000!
OpenAI is now following suit, thanks to the funds collected with its AI model, and it has also been generous. Even the smallest rewards are already well-stocked. Participating in the resolution of less severe bugs can already earn you $200, or about €180 at the current exchange rate. In the case of a critical bug that directly threatens the integrity of the service or the company’s data, the jackpot explodes. According to OpenAI’s BugCrowd page, participating in the resolution of a major problem can earn up to $6,500, or about €5,900. A particularly productive bug hunter can even accumulate rewards of up to $20,000, or about €18,200. This is enough to buy a brand-new car or a very nice summer vacation!
For reference, the vulnerability rating that determines the amount of the reward is available here.
Am I eligible for this reward?
Technically, the platform is open to everyone, but that doesn’t mean anyone can hit the jackpot. This is largely due to the nature of the information being sought. OpenAI is not interested in surface bugs or its model’s responses; there’s no point in filling out a form to tell them that ChatGPT got a date, name, or calculation wrong. The company is mainly interested in security issues that could compromise its business. This means that some technical expertise is required. Network and/or cybersecurity specialists are better equipped to provide relevant contributions. If you’re not already comfortable with your computer normally, unfortunately, there’s little chance that your feedback will interest OpenAI. On the other hand, there are no restrictions based on your professional background. You don’t need to be a seasoned developer with 30 years of experience in a large company to contribute. There’s no problem if you’re an independent contractor or cybersecurity enthusiast. You can still try your luck on BugCrowd.
How to submit a bug to earn a reward?
If you have identified a bug that might interest OpenAI, go to this address and create a BugCrowd account if necessary. Only an email address and a password are required. You can then access the page containing the form through the “Submit report” button. To submit your contribution, start by giving it a title. Then select the category that concerns the identified problem. This may be ChatGPT itself, a plug-in, or its API. You can then choose the specific bug category (unsecured data transit, vulnerability to SQL injection…) and the site address where you found it. The next step is to write a report that describes the steps necessary to reproduce the bug as well as its consequences. You must also add screenshots to document the malfunction encountered. If your contribution is strong enough to help OpenAI improve its product, you will be paid after the problem has been resolved.
