OpenAI opened a reward program to find universal jailbreaks that can bypass GPT-5 protections on bio and chemistry questions. Why invite the community to break what they themselves built? Because real security improves when more eyes try to break the system in a controlled way. (openai.com)
What OpenAI announced
The initiative is called the Bio Bug Bounty and it’s designed specifically for GPT-5. The goal isn’t to test isolated exploits, but to find a universal jailbreak: a single prompt or method that lets the model answer all ten bio/chemistry safety questions correctly without triggering moderation from a clean chat. OpenAI has deployed GPT-5 and wants to strengthen its defenses with external tests. (openai.com)
Main rewards:
- 25,000 USD to the first finding that demonstrates a true
universal jailbreakthat passes all ten questions. - 10,000 USD to the first team that answers the ten questions using multiple jailbreaks.
- Smaller prizes may be awarded for partial successes at OpenAI’s discretion. (openai.com)
How the program works
The process is application-based with rolling acceptances. Key dates published are:
- Applications opened on August 25, 2025.
- The application window closes on September 15, 2025.
- Testing begins on September 16, 2025.
Access is by invitation and review: OpenAI will invite a roster of trusted bio red-teamers and review new applications. Everything related to prompts, responses and communications will be covered by a confidentiality agreement. Also, applicants must have ChatGPT accounts to apply. (openai.com)
Why this matters for everyone
Because it’s not just a contest for researchers. It’s a practical risk-reduction measure: if someone finds a method that defeats the defenses, OpenAI can learn, patch and improve the barriers before it’s used maliciously. Think of it like a classic software bug bounty, but applied to dangerous behaviors in language models.
It also raises legitimate questions. How open should the process be? What gets published and what stays under NDA? OpenAI chose a conservative balance: controlled tests with limited disclosure to avoid spreading dangerous instructions. That helps reduce potential harm, but it also means you have to trust selected third parties to audit the failures.
If you're a researcher, what do they ask when applying?
OpenAI requests a brief application with your name, affiliation, relevant background and a 150-word plan. The process is selective: teams with experience in red teaming, security, or chemical and biological risks will be prioritized. If you’re interested, there’s a public application form you must access before the deadline. (openai.com)
Important point: the program is specific to
GPT-5and meant to identifyuniversal jailbreaksthat represent a systemic risk. The rules and NDA seek to balance research with safety.
Risks and limits you should keep in mind
- This is not a call to share dangerous techniques in public. Everything discovered falls under responsible disclosure.
- Results won’t necessarily be public. OpenAI may withhold details for security reasons.
- The scope is limited to
GPT-5. Findings may or may not apply to other models or deployments.
If you’ve participated in software bug bounties, the dynamic will feel familiar: incentives, clear rules and controlled access. If not, the invitation signals that the industry is learning that advanced models need aggressive, external testing to be safer.
Brief reflection
This announcement shows that big companies no longer just train models in closed labs. They’re testing their defenses with the community to find real failures before someone exploits them out of context. Curious to participate or follow how it evolves? The application window is short and the process is serious, but initiatives like this change how AI risk is managed. (openai.com)