OpenAI Launches Bug Bounty Program for Abuse and Safety Risks

OpenAI has announced a new public safety bug bounty program focused on AI-specific abuse and safety risks in its products. The new program complements OpenAI’s existing security bug bounty program and is open to issues that do not meet the criteria for a security vulnerability. “Submissions will be triaged by OpenAI’s Safety and Security Bug Bounty teams and may be rerouted between the two programs depending on scope and ownership,” OpenAI says. AI-specific safety scenarios covered by the new program include third-party prompt injection and data exfiltration attacks, disallowed actions performed by agentic OpenAI products on the company’s website at scale, and other harmful actions performed by the products. The program also accepts submissions regarding issues that lead to the exposure of OpenAI’s proprietary information, as well as weaknesses in account and platform integrity. “If researchers identify flaws that facilitate direct paths to user harm and actionable, discrete remediation steps, these may be considered in scope for rewards on a case-by-case basis,” OpenAI notes. The program runs on Bugcrowd and follows the same rules as the company’s security bug bounty program, with several additions. Per the rules, design and implementation issues in OpenAI products that could lead to material harm are within the scope of the program, including flaws resulting in abuse protection bypasses. Researchers are encouraged to identify abuse risks in agentic OpenAI products that perform actions on behalf of the user or access data as the user, including Atlas Browser, Codex, Operator, Connectors, and other ChatGPT tools. Vulnerabilities in connectors and MCP integrators that can be abused to cause material harm are also accepted. Researchers may earn up to $7,500 for reports that detail consistently reproducible issues of high severity, and which include a clear set of recommended steps or mitigations. However, OpenAI says reward decisions and amounts are up to its discretion. Related: Google Paid Out $17 Million in Bug Bounty Rewards in 2025 Related: OpenAI Rolls Out Codex Security Vulnerability Scanner Related: Microsoft Bug Bounty Program Expanded to Third-Party Code Related: From Open Source to OpenAI: The Evolution of Third-Party Risk WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Cisco Patches Multiple Vulnerabilities in IOS Software Onit Security Raises $11 Million for Exposure Management Platform iOS, macOS 26.4 Roll Out With Fresh Security Patches FCC Bans New Routers Made Outside the US Over National Security Risks From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Extortion Group Claims It Hacked AstraZeneca Chrome 146 Update Patches High-Severity Vulnerabilities 3.1 Million Impacted by QualDerm Data Breach Latest News In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline TP-Link Patches High-Severity Router Vulnerabilities RSAC 2026 Conference Announcements Summary (Days 3-4) Coruna iOS Exploit Kit Likely an Update to Operation Triangulation CISA Flags Critical PTC Vulnerability That Had German Police Mobilized Hightower Holding Data Breach Impacts 130,000 BIND Updates Patch High-Severity Vulnerabilities Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Moderna has promoted Farzan Karimi to Deputy Chief Information Security Officer. Brian Goldfarb has been appointed Chief Marketing Officer at SentinelOne. Token has appointed Katy Nelson as Chief Revenue Officer. More People On The Move Expert Insights Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Email