HeadlinesBriefing.com

OpenAI Launches Safety Bug Bounty Program to Tackle AI Misuse Risks

OpenAI Blog

OpenAI introduced its Safety Bug Bounty program today, targeting AI abuse and safety risks across its products. The initiative expands on the company’s existing Security Bug Bounty by addressing vulnerabilities that don’t qualify as traditional security flaws but still pose tangible harm. Researchers can now report issues like agentic risks—such as third-party prompt injection or data exfiltration—where attackers hijack AI agents to perform malicious actions. These vulnerabilities must be reproducible at least half the time and demonstrate plausible harm, such as unauthorized access to OpenAI’s website or proprietary systems.

The program prioritizes categories including agentic OpenAI products performing disallowed actions, exposure of proprietary model generations, and platform integrity flaws like bypassing account restrictions. However, general content-policy bypasses (e.g., jailbreaks enabling rude language) remain out of scope. OpenAI clarified that only issues with clear safety impacts and actionable fixes qualify for rewards. The move signals a shift toward proactive risk mitigation as AI systems grow more autonomous.

Eligible submissions will be reviewed by OpenAI’s Safety and Security teams, with some cases redirected to the Security Bug Bounty program based on technical ownership. Researchers interested in biorisk or privacy-focused campaigns, such as those for ChatGPT Agent or GPT-5, are encouraged to apply for private initiatives. OpenAI emphasized collaboration with ethical hackers to strengthen AI security frameworks.

OpenAI’s dual bounty structure reflects growing industry focus on nuanced AI risks. By distinguishing between security and safety vulnerabilities, the company aims to address emergent threats like agentic misuse while maintaining clear boundaries for acceptable testing. This approach aligns with broader efforts to standardize AI safety practices across the tech sector.