Introducing the OpenAI Safety Bug Bounty program

OpenAI Blog Products

Summary

OpenAI is launching a public Safety Bug Bounty program focused on identifying AI abuse and safety risks — including agentic risks, MCP vulnerabilities, and account integrity issues — complementing its existing Security Bug Bounty program. Researchers can submit issues that pose meaningful safety risks even if they don't qualify as traditional security vulnerabilities.

OpenAI launches a Safety Bug Bounty program to identify AI abuse and safety risks, including agentic vulnerabilities, prompt injection, and data exfiltration.
Original Article
View Cached Full Text

Cached at: 04/20/26, 02:51 PM

# Introducing the OpenAI Safety Bug Bounty program Source: [https://openai.com/index/safety-bug-bounty/](https://openai.com/index/safety-bug-bounty/) OpenAITesting for safety and abuse issues across OpenAI Today, OpenAI is launching a public[Safety Bug Bounty⁠\(opens in a new window\)](https://bugcrowd.com/engagements/openai-safety)program focused on identifying AI abuse and safety risks across our products\. As AI technology rapidly evolves, so do the potential ways it can be misused\. Our goal is to ensure our systems remain safe and secure against misuse or abuse that could lead to tangible harm\. This new program will complement OpenAI’s[Security Bug Bounty⁠\(opens in a new window\)](https://bugcrowd.com/engagements/openai)by accepting issues that pose meaningful abuse and safety risks, even if they don’t meet the criteria for a security vulnerability\. Through this program, we look forward to continuing to partner with safety and security researchers to help us identify and address issues that fall outside conventional security vulnerabilities but still pose real risks\. Submissions will be triaged by OpenAI’s Safety and Security Bug Bounty teams, and may be rerouted between the two programs depending on scope and ownership\. **Agentic Risks including MCP** - Third party prompt injection and data exfiltration: when attacker text is able to reliably hijack a victim’s agent \(including Browser, ChatGPT Agent, and similar agentic products\) to trick it into performing a harmful action or leaking the user’s sensitive information\. The behavior must be reproducible at least 50% of the time\. - An agentic OpenAI product performs a disallowed action on OpenAI’s website at scale\. - An agentic OpenAI product performs some potentially harmful action not listed above\. Valid reports here must indicate plausible and material harm\. - Any testing for MCP risk must comply with the terms of service of any third parties\. **OpenAI Proprietary Information** - Model generations that return proprietary information related to reasoning\. - Vulnerabilities that expose other OpenAI proprietary information\. **Account and Platform Integrity** - Vulnerabilities in account integrity and platform integrity signals, such as bypassing anti\-automation controls, manipulating account trust signals, evading account restrictions/suspensions/bans, and similar issues\. - Issues that allow users to access features, data, or functionalities beyond authorized permissions should be reported to the[Security Bug Bounty⁠\(opens in a new window\)](https://bugcrowd.com/engagements/openai)\. While jailbreaks are out of scope for this program, we periodically run private bug bounty campaigns focused on certain harm types, such as Biorisk content issues in[ChatGPT Agent⁠](https://openai.com/bio-bug-bounty/)and[GPT‑5⁠](https://openai.com/gpt-5-bio-bug-bounty/)\. We invite interested researchers to apply to these programs when they arise\. Outside of the categories listed above, if researchers identify flaws that facilitate direct paths to user harm and actionable, discrete remediation steps, these may be considered in scope for rewards on a case\-by\-case basis\. General content\-policy bypasses without demonstrable safety or abuse impact are out of scope for this program\. For example, “jailbreaks” that result in the model using rude language or returning information that is easily findable via search engines are out of scope\. Researchers interested in participating can apply through our[Safety Bug Bounty⁠\(opens in a new window\)](https://bugcrowd.com/engagements/openai-safety)program\. We look forward to working alongside researchers, ethical hackers, and the safety and security community in the pursuit of a secure AI ecosystem\.

Similar Articles

Announcing OpenAI’s Bug Bounty Program

OpenAI Blog

OpenAI has launched a Bug Bounty Program in partnership with Bugcrowd, offering cash rewards ranging from $200 to $20,000 for security researchers who discover and report vulnerabilities in OpenAI's systems.

Announcing the OpenAI Safety Fellowship

OpenAI Blog

OpenAI announces a new Safety Fellowship program for external researchers to conduct rigorous safety and alignment research on advanced AI systems, running September 2026 through February 2027. The program offers mentorship, compute support, stipends, and workspace at Constellation in Berkeley, with applications open until May 3.

OpenAI safety practices

OpenAI Blog

OpenAI outlines 10 safety practices it actively uses and improves upon, including empirical red-teaming, alignment research, abuse monitoring, and voluntary commitments shared at the AI Seoul Summit. The company emphasizes a balanced, scientific approach to safety integrated into development from the outset.