{"id":5003,"date":"2026-03-28T21:37:21","date_gmt":"2026-03-28T21:37:21","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/03\/28\/openai-expands-bug-bounty-to-cover-ai-abuse-and-safety-concerns\/"},"modified":"2026-03-28T21:37:21","modified_gmt":"2026-03-28T21:37:21","slug":"openai-expands-bug-bounty-to-cover-ai-abuse-and-safety-concerns","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/03\/28\/openai-expands-bug-bounty-to-cover-ai-abuse-and-safety-concerns\/","title":{"rendered":"OpenAI Expands Bug Bounty to Cover AI Abuse and &#8216;Safety&#8217; Concerns"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/a7d280e2-8cd7-47a1-ba33-0ae2a304849f.png?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Kevin  Poireault\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>OpenAI has launched a new bug bounty program to engage researchers in addressing AI abuse and safety risks across its products.<\/p>\n<p>The new Safety Bug Bounty program was announced on March 26 and is hosted on Bugcrowd.<\/p>\n<p>It complements the firm\u2019s Security Bug Bounty, also hosted on Bugcrowd, that has rewarded 409 security vulnerabilities in OpenAI\u2019s product offerings since its launch in April 2023.<\/p>\n<p>With the Safety Bug Bounty, OpenAI wants to encourage disclosures of issues in its products that pose \u201cmeaningful abuse and safety risks, even if they don\u2019t meet the criteria for a security vulnerability.\u201d<\/p>\n<p>The scenarios covered by this new program encompass:<\/p>\n<ul>\n<li>Agentic risks, including model context protocol (MCP) abuse, third-party prompt injection, data exfiltration, disallowed actions at scale on OpenAI\u2019s website or other potentially harmful unlisted behaviors<\/li>\n<\/ul>\n<ul>\n<li>Violations of account and platform integrity (e.g. bypassing anti-automation controls, manipulating account trust signals, evading account restrictions\/suspensions\/bans)<\/li>\n<li>OpenAI proprietary information abuse (e.g. model generations that return proprietary information related to reasoning; vulnerabilities that expose other OpenAI proprietary information)<\/li>\n<\/ul>\n<h2><strong>Key Differences: OpenAI\u2019s Security vs. Safety Bug Bounty Programs<\/strong><\/h2>\n<p>OpenAI outlined that integrity violations involving a user having access to features, data or functionalities beyond authorized permissions should be reported to the Security Bug Bounty rather than the new Safety Bug Bounty.<\/p>\n<p>The company further clarified that general content-policy bypasses without clear safety or abuse impact are not eligible for rewards.<\/p>\n<p>For example, it specified that &#8220;jailbreaks&#8221; that only result in rude language or easily searchable information are out of scope.<\/p>\n<p>However, researchers who identify flaws enabling direct user harm with actionable fixes may still qualify for rewards on a case-by-case basis.<\/p>\n<p>OpenAI also stated that it periodically runs private bug bounty campaigns targeting specific harm types, including biorisk content issues in ChatGPT Agent and GPT-5.<\/p>\n<p>Researchers can already submit issues to the Safety Bug Bounty program via Bugcrowd. An OpenAI team responsible for both Safety and Security Bug Bounty programs will triage submissions, which may be rerouted between the two programs depending on scope and ownership.<\/p>\n<p><em>Image credits:\u00a0Samuel Boivin \/ Stock all \/ Shutterstock.com<\/em><\/p>\n<p><em>Read now: Why AI\u2019s Rise Makes Protecting Personal Data More Critical Than Ever<\/em><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>OpenAI has launched a new bug bounty program to engage researchers in addressing AI abuse and safety risks across its products. The new Safety Bug Bounty program was announced on March 26 and is hosted on Bugcrowd. It complements the firm\u2019s Security Bug Bounty, also hosted on Bugcrowd, that has rewarded 409 security vulnerabilities in<\/p>\n","protected":false},"author":2,"featured_media":5004,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5003","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/5003-1e3be400-e520-4b51-bba6-2e313f146cc0-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5003"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5003\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5004"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5003"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}