OPENAI has launched a new Safety Bug Bounty to address AI abuse and safety risks across its products, announced on 26 March 2026 and hosted on Bugcrowd. According to OpenAI, the Safety Bug Bounty complements its Security Bug Bounty, which has rewarded 409 security vulnerabilities since its launch in April 2023.
The Safety programme covers agentic risks such as model context protocol abuse, third-party prompt injection, data exfiltration and other potentially harmful unlisted behaviours, as well as violations of account and platform integrity and the abuse of OpenAI proprietary information.
OpenAI notes that integrity violations involving features, data or functionalities beyond authorised permissions should be reported to the Security Bug Bounty rather than the Safety programme, and general content-policy bypasses without clear safety impact are not eligible for rewards.
Researchers identifying flaws that enable direct user harm with actionable fixes may qualify for rewards on a case-by-case basis, and the company runs private campaigns targeting specific harm types, including biorisk content in ChatGPT Agent and GPT-5.