Microsoft-backed OpenAI has launched a bug bounty program and is inviting the worldwide neighborhood of safety researchers, moral hackers, and expertise fans to assist the corporate determine and deal with vulnerabilities in its synthetic clever techniques.
“We’re excited to construct on our coordinated disclosure commitments by providing incentives for qualifying vulnerability data,” OpenAI mentioned in its weblog submit on Tuesday.
Based mostly on the severity and influence of the reported vulnerability, OpenAI will hand out money rewards starting from $200 for low-severity findings to as much as $20,000 for distinctive discoveries.
The corporate has partnered with Bugcrowd, a bug bounty platform, to handle the submission and reward course of.
The OpenAI bug bounty program consists of API targets, ChatGPT, third-party company targets, OpenAI API keys, and OpenAI analysis group.
The API targets embrace OpenAI API and public cloud assets or infrastructure concerned in serving the OpenAI API reminiscent of cloud storage accounts (e.g., Azure knowledge blobs), and cloud compute servers (e.g., Azure digital machines).
When it comes to ChatGPT, the scope consists of ChatGPT Plus, logins, subscriptions, OpenAI-created plugins (e.g. shopping, code interpreter), plugins a person creates themselves, and all different performance.
Included within the scope of this system is confidential OpenAI company data which may be uncovered by means of third events reminiscent of Google Workspace, Asana, Trello, Jira, Monday.com, Notion, Confluence, Evernote, Intercom, Hubspot, Zendesk, Salesforce, Stripe, Airbase, Navan, Tableau, Mode, Charthop, and Looker, Bugcrowd mentioned.
Points associated to the content material of mannequin prompts and responses are strictly out of scope and won’t be rewarded except they’ve an extra instantly verifiable safety influence on an in-scope service. Even mannequin hallucinations are listed as out of scope by OpenAI.
“Mannequin questions of safety don’t match nicely inside a bug bounty program, as they aren’t particular person, discrete bugs that may be instantly mounted,” OpenAI mentioned.
Examples of points which might be out of scope embrace jailbreaks or security bypasses, getting the mannequin to say dangerous issues, getting the mannequin to inform you how one can do dangerous issues, and getting the mannequin to put in writing malicious code.
Mannequin hallucinations discuss with conditions the place the person will get the mannequin to faux to do dangerous issues, get the mannequin to faux to present you solutions to secrets and techniques, and get the mannequin to faux to be a pc and execute code.
As soon as a vulnerability is found, data associated to it must be communicated utilizing OpenAI’s Bugcrowd program. The main points of the vulnerability must be saved confidential till licensed for launch by OpenAI’s safety workforce. OpenAI mentioned it goals to supply authorization inside 90 days of report receipt.
The announcement of the bug bounty program by the corporate comes inside weeks of ChatGPT going through a safety incident. Final month, the corporate revealed a Redis shopper open supply library bug had led to ChatGPT outage and knowledge leak, the place customers may see different customers’ private data and chat queries.
Chat queries and private data reminiscent of subscriber names, electronic mail addresses, cost addresses, and partial bank card data of roughly 1.2% of ChatGPT Plus subscribers had been uncovered, the corporate acknowledged.
ChatGPT was launched by OpenAI in November and had over 1 million customers throughout the first 5 days.
Nonetheless, ChatGPT is more and more going through competitors. On Monday, Alibaba Cloud introduced the launch of a brand new massive language mannequin, known as Tongyi Qianwen, which it can roll out as a ChatGPT-style entrance finish to all its enterprise purposes.
Tongyi Qianwen will assist each English and Chinese language inputs and rolled out in beta check for patrons in China.
One other Chinese language web companies and AI big, Baidu, introduced a Chinese language language ChatGPT different, Ernie bot final month. In its preliminary section, 650 enterprise companions would have entry to the bot, and the corporate hopes to enhance the bot based mostly on suggestions.
Copyright © 2023 IDG Communications, Inc.
