OpenAI sets up a $20,000 reward to recruit bounty hunters for ChatGPT defect reports!

Big Data Digest Produced

##Just yesterday, OpenAI announced the launch of a bounty Plan to help address the growing cybersecurity risks posed by ChatGPT.

This "Bounty Hunter Program" invites various independent researchers to report vulnerabilities in the OpenAI system. Participants include The opportunity to receive a financial reward ranging from $200 to $20,000, depending on the severity of the vulnerability.

The project is being carried out in partnership with crowdsourced cybersecurity company BugCrowd, which OpenAI says is its “commitment to Developing safe, advanced artificial intelligence”.

So, if you find any loopholes in the process of chatting with ChatGPT (for example, it will be destroyed at every turn) If you are a human), you must report it in time. If you can help discover a vulnerability, you can get a bounty!

Since the birth of ChatGPT, people have become increasingly worried about vulnerabilities in this type of artificial intelligence system, such as generating error messages and Unethical messages, according to AI cybersecurity firm Dark Trace, researchers found a 135% increase in social engineering attacks using AI from January to February, which coincides with the launch of ChatGPT.

The emergence of ChatGPT has undoubtedly lowered the threshold for network attacks, especially the newly launched ChatGPT 4.0.

Just days after the launch of ChatGPT 4.0, University of Washington computer science student Alex Albert found a way to transcend its security mechanism. In a demo posted on Twitter, Albert showed how a user could prompt GPT-4 to generate instructions for hacking a computer by exploiting a vulnerability in the way GPT-4 interprets and responds to text.

#This bounty program is designed to address the widespread concerns caused by this series of security issues. Previously, a security researcher named Rez0 allegedly exploited a vulnerability to attack ChatGPT's API and discovered more than 80 secret plug-ins.

In light of these controversies, OpenAI has launched this bounty award to encourage researchers to report vulnerabilities that can be addressed in its product ecosystem flaws in AI while positioning itself as an organization acting in good faith to address the security risks posed by generative AI.

##Expert: "Bounty Program" has limited effect

#While OpenAI’s plan is welcomed by some experts, others say the bounty program is unlikely to fully address the challenges posed by increasingly sophisticated artificial intelligence technology. wide range of cybersecurity risks.

Experts believe that OpenAI’s bounty program is very limited in the scope of threats it addresses. For example, the official page for the bounty program states: "Issues related to demonstration prompts and response content are strictly out of scope and will not be rewarded unless they have additional, directly verifiable security impact on in-scope services ."

Examples of security issues that are considered out-of-scope include jailbreaking and bypassing safe mode, allowing the model to bad words (immoral remarks)” and have the model write malicious code or have the model tell you how to put bad things into action.

In this sense, OpenAI’s bug bounty program may be useful in helping organizations improve their security posture , but it does little to address the security risks posed to society as a whole by generative AI and GPT-4.

So many believe that since the scope of the project is limited to vulnerabilities that may directly impact OpenAI systems and partners, It does not appear to address broader concerns about the malicious use of techniques such as impersonation, synthetic media or automated hacking tools.

OpenAI did not immediately respond to a request for comment.

Related reports:

​​https://www.php.cn/link/3e9928ece00c78dc7777c644f68d3956​​

​​https://www.php.cn/link/52ff52aa56d10a1287274ecf02dccb5f​​

The above is the detailed content of OpenAI sets up a $20,000 reward to recruit bounty hunters for ChatGPT defect reports!. For more information, please follow other related articles on the PHP Chinese website!