On March 26, OpenAI announced significant updates to its Cybersecurity Grant Program, bug bounty program, and overall AI security initiatives, all intended to strengthen its commitment to user security. The updated Cybersecurity Grant Program, which has been in place for two years, has now broadened its scope by accepting proposals for a wider range of cybersecurity projects. This includes prioritizing research in software patching, model privacy, detection and response, security integration, and agentic security.
Remarkably, OpenAI is also introducing microgrants in the form of API credits for researchers with high-quality proposals. These microgrants are designed to help with the rapid prototyping of innovative cybersecurity ideas and experiments, further encouraging a culture of research and innovation within the field.
The most notable update to their bug bounty program is a substantial increase in the maximum potential payout. OpenAI has raised the bug bounty limit for ‘exceptional and differentiated critical findings’ from $20,000 to an impressive $100,000. This program, which debuted nearly two years ago in collaboration with Bugcrowd, has already rewarded 209 submissions, highlighting OpenAI’s serious commitment to maintaining high security standards. As Michael Skelton, vice president of operations at Bugcrowd, emphasized, the proactive nature of OpenAI’s security measures has garnered significant public interest.
Furthermore, to address growing threats to its artificial general intelligence (AGI) technology, OpenAI is enhancing its security infrastructure through various initiatives. These include deploying AI-driven defenses, collaborating with SpecterOps for ongoing security evaluations, and developing better strategies to prevent prompt injection attacks. The company aims to solidify its security stance while responding to an increasingly sophisticated cyber threat landscape.
With these advancements, OpenAI aims not only to attract top security talent but also to preemptively address vulnerabilities before they can escalate into major incidents, as noted by Stephen Kowski, field CTO at SlashNext Email+ Security. As competition intensifies in the AI sector, the implications of these updates will likely resonate across the industry.