OPENAI has launched a public safety bug bounty programme focused on AI-specific abuse and safety risks in its products, in addition to its existing security programme. According to OpenAI, submissions will be triaged by its Safety and Security Bug Bounty teams and may be rerouted between the two programmes depending on scope and ownership.
The initiative, which runs on Bugcrowd, covers design and implementation issues that could lead to material harm and is open to issues that do not meet the criteria for a security vulnerability. Researchers can earn up to $7,500 for reports detailing consistently reproducible high‑severity issues with a clear set of remediation steps, though reward decisions are at OpenAI’s discretion.
The programme explicitly encourages reporting abuse risks in agentic OpenAI products such as Atlas Browser, Codex, Operator, Connectors, and other ChatGPT tools, including vulnerabilities in connectors and MCP integrators that could be abused to cause harm. Written by Ionut Arghire, the article notes the policy is effective as of March 27, 2026.