OpenAI’s bug bounty program, launched in April, garnered attention due to the company’s prominence in AI, particularly with ChatGPT. Unlike typical bug bounty programs, OpenAI’s focus was on infrastructure rather than its large language models.
The company employed Bugcrowd to organize white-hat hackers to assess vulnerabilities in cloud resources, plugins, and third-party service connections. Notably, OpenAI excluded its AI models from scope, stating that issues related to the models require substantial research and a broader, more collaborative approach than a bug bounty can provide.
Despite this limitation, the bug bounty program attracted significant interest, with over 4,500 researchers participating, which Bugcrowd saw as an opportunity to train less-experienced hackers through its Bugcrowd University program. Bugcrowd’s founder and CTO, Casey Ellis, described the initial response to the bug bounty program as “noisy,” as it attracted participants who might not typically engage in such competitions.
Bugcrowd saw this as an opportunity to train and mentor less-skilled hackers, guiding them to enhance their testing capabilities.
While these participants may not identify critical issues immediately, Bugcrowd aims to nurture their skills for future success.
OpenAI’s bug bounty payouts, reaching up to $20,000 for individual bug disclosures, position it among notable companies like Okta and Netflix, though falling below those for Tesla and Sophos.
The program’s popularity, with more than 4,500 researchers signing up, highlights the growing interest in ethical hacking and the potential for collaboration in addressing cybersecurity challenges.