GPT‑5.5 Bio Bug Bounty

Original Article ↗ Hacker News Discussion ↗

Prize structure & incentives

  • Top prize is $25k for the first “true universal jailbreak” that answers five hidden bio questions without triggering moderation.
  • Many see this as a lottery: only one main payout regardless of how many people or distinct bugs succeed; partial successes may get nothing or only discretionary rewards.
  • Several posters call the reward insultingly low relative to OpenAI’s resources and the claimed existential stakes, comparing it unfavorably to six‑figure security bounties and OpenAI’s own prior $500k Kaggle contest.
  • Others respond that “first past the post” and discretionary partials are standard in bug bounties and contests.

NDA, access control, and secrecy

  • Participation is gated: applicants must already be ChatGPT users, be “vetted” bio red‑teamers, and sign an NDA.
  • Critics argue this turns it into unpaid or underpaid spec work where almost everyone gets nothing and also cannot publish results or even the questions.
  • Some worry the NDA allows OpenAI to reject payouts while still silencing participants. A few say this level of confidentiality is normal; others strongly disagree.
  • There is confusion/criticism around being asked to propose a jailbreak approach before even seeing the five questions.

Perceived goals: safety vs. marketing

  • Many commenters describe the program as a PR or “theatre” move:
    • To signal that models are extremely powerful and potentially dangerous.
    • To reassure regulators that OpenAI is responsibly self‑policing.
    • To contrast with and potentially stigmatize open‑source models.
  • Some think the real aim is to collect jailbreak attempts as training data for future safety systems and marketing claims (“safest model”).
  • A minority see value in a narrowly scoped, concrete biosafety red‑teaming effort.

Biorisk framing and model behavior

  • “Bio‑bugs” are described as ways to get the model to provide actionable guidance on harmful biological activities (e.g., weaponization steps), as opposed to high‑level or benign information.
  • Other AI companies’ CBRN/biorisk filters are mentioned as precedent.
  • Some users report current models already over‑blocking benign biology‑related tasks (e.g., sequence analysis, educational illustrations), calling it frustrating false positives.
  • One commenter notes that, despite flaws, over‑blocking is preferable to dangerous false negatives.

Trust in bug bounties

  • Several recount experiences of companies (including OpenAI) declaring impactful issues out‑of‑scope to avoid paying.
  • This fuels broader skepticism that corporate bug bounty programs are fair or trustworthy.