GPT‑5.5 Bio Bug Bounty

Murfalo 142 points 101 comments April 25, 2026
openai.com

Discussion Highlights (20 comments)

applfanboysbgon

> $25,000 to the first true universal jailbreak to clear all five questions.

This program is a complete scam. Even if 100 people find "bugs", they will only pay out to one person.

dwa3592

Where are the questions that are supposed to be answered? Would those be shared after an application has been accepted? If yes, why is the application asking for a proposed approach for the jailbreak if we don't know the questions in the first place?

sva_

> We will extend invitations to a vetted list of trusted bio red-teamers

Had to chuckle. This sounds like a rather exclusive group?

shevy-java

"Accepted applicants and collaborators must have existing ChatGPT accounts to apply, and will sign a NDA." Ah, good old NDA. Always buying silence. That's why I don't participate in any such "bounty" programs. Signing an NDA is like signing with the devil. You restrict what people are allowed to discuss. I had that happen before - when you sign an NDA you basically submit yourself into silence. Imagine journalists being stifled by NDAs.

its-summertime

This is just free / severely-underpaid-on-average labor. Very disgusting.

zb3

What a farce, these questions are not even public and most likely will never be. You can't even participate if you're not "trusted" I guess. So this is just a PR post, not that I even think the "biosafety" makes any sense but still.

dakiol

$25K. Really? They make $65 million a day, so they pay you what they earn in about 33 seconds for a critical vulnerability. WTF

mellosouls

If anybody is wondering what bio-bugs are, I had a heck of a time getting CG to (finally) tell me it's where the user can get it to guide them in doing things like constructing things that are hazardous in the domain of biology. Eg you can get answers about what ricin is but not how to weaponise it. Actionable stuff they shouldn't be able to legally/ethically action.

abujazar

This looks like some kind of marketing. Also, the equivalent of spec work. The NDA/secrecy also means any time spent on this is completely meaningless to the participants unless they win the lottery, because results can't be published.

gosub100

Check with the dark net markets first before claiming the bounty. Remember, this company has 0.0 fucks to give about the impact of their tech on employment, artists, or use in committing fraud, as long as number-go-up they are happy. Your actions should match theirs.

tiberriver256

Codex desktop app is barely usable... The perf issues are left to languish in their backlog

codeulike

This is to match what Anthropic said they already did with Mythos on the (200 page) Mythos system card

gib444

How did the dupe detector miss https://news.ycombinator.com/item?id=47879102 ?

puppystench

They ran a bounty on Kaggle last year but with $500k in payouts and with all results open and publishable. https://www.kaggle.com/competitions/openai-gpt-oss-20b-red-t... With only $25k in payouts and everything locked down under NDA, I can't imagine many people will participate. Well, other than those submitting mountains of LLM-generated junk.

unethical_ban

* Highly unlikely to win
* Relatively paltry reward
* NDA on findings

This is functionally equivalent to an internship where the reward is the experience, and the resume building, but you can't talk about what you did. All for a company that is getting tens of billions of dollars in deals from the largest tech companies in the world. I suppose the hope is that there are job offers somewhere along the line.

lxgr

Ah, now I understand why all my chats are getting flagged for biosafety issues these days. (I asked it to create an illustration about gene drives for a high school level audience once.)

altcognito

Billions upon billions going to these companies. 25k reward from a selected group of people if you help us determine whether or not someone can use our tool to generate weapons of mass destruction.

notatoad

Are the 5 questions you need to get it to answer under NDA?

Der_Einzige

Unironically bad. We need a lone-wolf to successfully execute an attack now while it's still relatively benign so we can scare the hell out of the world while it's still a mid-tier virus. No way is someone going to make a humanity killing virus with GPT 5.5, but it might be possible with GPT 20 circa 2040. Similar argument for why we HAD to use nukes at the end of WW2. If we hadn't, the nuclear taboo likely wouldn't have existed and we'd likely have had a worse nuclear war in our more recent history.

xp84

> "Access: Application and invites. We will extend invitations to a vetted list of trusted bio red-teamers, and review new applications. Once selected, successful applicants will be onboarded to the bio bug bounty platform"

I don't get it. Isn't the whole point of a BBP to try to get people to find and disclose to you the exploits in question? If you gatekeep like this, then "non-trusted" people who could be your red-teamers are incentivized to still hack, but disclose their exploits to bad people for money. I get it when there is a risk to your data or infra -- my last company engaged with HackerOne and that was an invite-only list of participants. But that was because we didn't want random people hacking in ways that could cause pain for real customers -- e.g. DDoS, or in the event of an exploit that could cross tenant boundaries, injecting garbage into or deleting things, or gaining access to sensitive info in other tenants. Here, there's no such danger. So why not allow anyone (anyone they're legally allowed to pay, I suppose? North Koreans probably would be problematic?) to participate?
