OpenAI, the U.S. AI lab behind ChatGPT, has announced a public bug bounty program that can reward users for identifying flaws and security weaknesses in its chatbot systems. Bloomberg reports that the initiative is designed to encourage researchers and everyday users to help improve safety and reliability across OpenAI products by submitting credible bug reports and vulnerability findings.
Under the bug bounty program, participants will be able to submit reports about weaknesses, bugs, or security issues discovered while using OpenAI services. OpenAI’s representatives say the rewards are intended to reflect the severity and impact of the issue, with smaller bugs earning hundreds of dollars and more severe, high-impact vulnerabilities potentially worth tens of thousands of dollars. The exact payout scales are linked to the risk and complexity of the bug, the potential for exploitation, and the quality of the information provided to verify the flaw.
OpenAI has partnered with Bugcrowd, a well-known platform that manages bug bounty programs for many technology companies. The collaboration is meant to streamline submission, validation, and payout processes, ensuring researchers can securely disclose issues and receive compensation in a timely manner while maintaining responsible disclosure practices.
In a separate incident noted by the developers, a late-March report described an exposure of user data associated with ChatGPT. The company attributed the leak to a bug in the system and asserted that the data exposure has since been resolved. The episode underscored the ongoing importance of robust security testing and transparent incident handling as the company scales its AI offerings for a broad user base across the United States and Canada.
Industry observers say such bug bounty programs can play a meaningful role in strengthening security, testing real‑world use cases, and uncovering edge‑case scenarios that traditional testing may miss. By inviting a diverse set of researchers to probe OpenAI’s platforms, the program aims to shorten response times to new vulnerabilities and create a feedback loop that informs faster remediation and safer product updates. At the same time, researchers are reminded to follow responsible disclosure guidelines and await confirmation from OpenAI before publicizing details that could aid bad actors. As OpenAI expands its suite of tools and services, the bug bounty initiative is positioned as part of a broader strategy to build trust with users, developers, and organizations that rely on their AI technologies for critical tasks across North America.