Security Week

OpenAI Offering $100K Bounties for Critical Vulnerabilities

Ryan Naraine March 26, 2025 2 min read

Artificial intelligence tech giant OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) as part of plans to outsource the discovery of critical, high-impact vulnerabilities in its infrastructure and products.

The new bounty program is part of a broader set of security initiatives from OpenAI that includes funding for security research projects, continuous adversarial red teaming, and engagements with open-source software communities.

In addition to the higher payouts for critical security findings, OpenAI said it will provide bonus promotions for qualifying reports during limited-time periods.

The company also announced an expansion of the Cybersecurity Grant Program that has already funded 28 research initiatives since its rollout in 2023.

OpenAI said the funded projects have addressed issues such as prompt injection, secure code generation, and the development of autonomous cybersecurity defenses.

The program is now inviting hackers to propose projects on software patching, model privacy, threat detection and response, security integration, and resilience against sophisticated attacks.

OpenAI said the program is also introducing microgrants in the form of API credits to help researchers rapidly prototype creative security solutions.

In parallel, OpenAI said it is collaborating with experts from academic, government, and commercial labs to benchmark skills gaps and improve its models’ ability to identify and patch vulnerabilities.

Advertisement. Scroll to continue reading.

The company is also partnering with venture-backed startup SpecterOps to conduct continuous adversarial red teaming across corporate, cloud, and production environments.

The company said the simulated attacks are aimed at finding potential weaknesses before they can be exploited by malicious actors.