OpenAI efforts to boost security researchers by raising the maximum payout for its Bug Bounty program from $20K to a cool $100K. This initiative, along with a slew of others, is part of a multi-pronged effort to prioritize AI cybersecurity.
The company announced the expansion of its Security Bug Bounty Program on Wednesday, along with several cybersecurity agendas, including widening the scope of its Cybersecurity Grant program, a new red team partnership, and the development of new tools for protecting emerging AI agents from malicious threats.
The Bug Bounty program, launched last April, will now pay out $100,000 to researchers who submit “exceptional and differentiated critical findings.”
The $80,000 increase “reflects our commitment to rewarding meaningful, high-impact security research that helps us protect users and maintain trust in our systems,” OpenAI said.
The AI startup is also launching a limited-time “bonus promotion” period, during which additional bounty bonuses will be awarded to those who “submit qualifying reports within specific promotional categories.”
The current bonus promotion, which explicitly covers “priority 1-3 IDOR access control vulnerabilities on any in-scope target,” began Wednesday, March 26th, and will run through April 30th.
The promotion also increases the original IDOR bounty range from a minimum of $200 to $400 and a maximum of $6500 to $13,000.
Cybersecurity grant program evolves
OpenAI’s Cybersecurity Grant Program is evolving to include new priority areas like agentic security, model privacy, and AI-powered software patching, the Microsoft-backed company said.
“Since launching two years ago, we’ve reviewed over a thousand applications and funded 28 research initiatives, gaining critical insights into areas like prompt injection, secure code generation, and autonomous cybersecurity defenses,” it said.
The program is further introducing the “micro-grant” in the form of API credits to help researchers quickly prototype new ideas.
Expanding its focus, the grant program is encouraging new submissions encompassing a broader range of topics and new innovative angles. Applications are currently being accepted oniine in priority focus areas such as:
- Software patching: Leveraging AI to detect and patch vulnerabilities.
- Model privacy: Enhancing robustness against unintended exposure of private training data.
- Detection and response: Improving detection and response capabilities against advanced persistent threats.
- Security integration: Boosting accuracy and reliability of AI integration with security tools.
- Agentic security: Increasing resilience in AI agents against sophisticated attacks.
