OpenAI is launching a public safety bug bounty program to help address AI abuse and safety risks as technology evolves. We want to keep our systems safe and prevent real harm.  

This new program works alongside OpenAI’s Security Bug Bounty by accepting reports about abuse and safety risks, even if they are not traditional security vulnerabilities. We want to keep working with safety and security researchers to find and fix these issues. OpenAI’s safety and security bug bounty teams will examine all submissions and may move them from one program to the other based on their details.

Program Overview 

The new safety bug bounty program focuses on the following AI-specific safety scenarios:  

Agentic risks, including MCP.  

  • Third-party prompt injection and data exfiltration: when an attacker’s input reliably controls a victim’s browser or ChatGPT agent to perform harmful actions or leak sensitive data. The attack must be reproducible in over 50% of tests.  
  • An OpenAI agent product carries out a forbidden action on OpenAI’s website on a large scale.  
  • An OpenAI agent product performs an unlisted potentially harmful action. Reports must demonstrate that the risk of significant harm is probable.  
  • All testing for MCP risk must follow the terms of service of any third parties involved.

OpenAI Proprietary Information

  • Model outputs that reveal proprietary innovation without reasoning.  
  • Vulnerabilities that reveal other OpenAI proprietary information.  

Account and Platform Integrity

  • Vulnerabilities affecting account or platform integrity, including ways to bypass automation defenses, modify trust signals, or evade account restrictions, suspensions, and bans.  
  • If users can access features, data, or functions they are not authorized to use, please report these issues to the Security Bug Bounty program. In contrast, the safety bug bounty program addresses risks of abuse and safety issues that do not always involve unauthorized access. This distinction ensures each program targets its relevant risk area.

Jailbreaks are not included in this program, but we sometimes run private bug bounty campaigns for specific harm types, such as bio-risk content issues in ChatGPT Agent and GPT-5. Researchers interested in these programs are welcome to apply when they are available.  

Flaws not listed that directly harm users and have clear fixes may be eligible for rewards on a case-by-case basis. Bypasses that only cause rude language or reveal easily found information are not in scope.  

How to Participate  

Join our safety bug bounty program today and help us make AI safer for everyone. Your expertise can directly prevent real-world harm. We invite researchers, ethical hackers, and the safety and security community to partner with us in building a trustworthy AI ecosystem. Apply now and be part of the solution.

Source: Introducing the OpenAI Safety Bug Bounty program