OpenAI raises Bio Bounty reward to $50,000 for frontier model jailbreaks

The ongoing private program invites AI red teaming, security and biosecurity researchers to test predefined biosafety challenges for GPT-5.6 and GPT-5.5.

Editorial image showing a laptop with digital padlock graphics, used to illustrate OpenAI’s Bio Bounty Program and its increased reward for universal jailbreaks against predefined biosafety challenges in frontier AI models.

OpenAI has increased the top reward in its Bio Bounty Program to $50,000 for qualifying universal jailbreaks.

OpenAI has doubled the top reward in its Bio Bounty program to $50,000 as it moves the initiative from a GPT-5.5-specific bounty into an ongoing private program for testing biological risk safeguards in frontier AI models.

The OpenAI Bio Bounty Program is focused on universal jailbreaks that can defeat the company’s predefined biosafety challenge. The program starts with GPT-5.6 and will continue with future frontier models.

OpenAI is inviting researchers with experience in AI red teaming, security or biosecurity to apply through a rolling application process. Accepted applicants will be onboarded to the bio bug bounty platform, need an existing ChatGPT account and must sign an NDA.

The reward for a qualifying universal jailbreak has increased from $25,000 to $50,000 for both GPT-5.6 and GPT-5.5. OpenAI says smaller awards may be granted for partial wins at its discretion.

The original GPT-5.5 Bio Bounty Program remains in scope until July 27, 2026. After that date, only GPT-5.6 will remain in scope, unless OpenAI communicates further changes to participating researchers.

Bio bounty becomes an ongoing private program

OpenAI framed the change as part of its work to strengthen safeguards for advanced AI capabilities in biology.

The new structure keeps the program narrow. OpenAI is not opening a general model behavior challenge or inviting broad safety bypass reports through this channel. The target is a universal jailbreak against a predefined biosafety challenge.

OpenAI’s wider bug bounty rules say many model safety issues, including ordinary jailbreaks and content-related model responses, are usually out of scope for traditional security rewards. The Bio Bounty Program carves out a specific area where OpenAI wants controlled testing by approved researchers.

Past applicants to the GPT-5.5 Bio Bounty Program do not need to reapply. New applicants are asked to submit a short application with their name, affiliation and experience.

OpenAI has not provided the number of researchers it expects to accept into the private program.

GPT-5.5 window closes in July

The program creates a short overlap between GPT-5.5 and GPT-5.6.

OpenAI says it will continue to honor the original GPT-5.5 Bio Bounty Program scope until July 27, 2026. The increased $50,000 reward applies to universal jailbreaks for both GPT-5.5 and GPT-5.6 during that window.

After July 27, the Bio Bounty Program narrows to GPT-5.6. OpenAI says future scope changes will be communicated to researchers.

The rolling application process means the program is not tied to a single public competition deadline. Accepted researchers will join the private testing environment after selection and onboarding.

The application requirements also keep the program separate from casual prompt testing. OpenAI is asking for relevant experience in AI red teaming, security or biosecurity, and selected participants will work under an NDA.

Safety and security bounties remain separate

OpenAI is continuing to direct other safety and security reports to separate bounty programs.

Its Safety Bug Bounty Program covers select safety and abuse issues that pose risks to OpenAI users. Listed areas include agentic tools such as Atlas Browser, Codex, Operator, Connectors and other agentic ChatGPT tools, along with OpenAI proprietary information, account and platform integrity, and other novel abuse.

The Security Bug Bounty Program covers vulnerabilities across OpenAI systems and services, including the OpenAI API, ChatGPT, OpenAI-created plugins, OpenAI API keys, research organization systems, Codex and other internet-facing OpenAI infrastructure.

The separation leaves the Bio Bounty Program with a tighter mandate: testing whether approved researchers can find universal jailbreaks against OpenAI’s biosafety challenge for frontier models.

Applications for the OpenAI Bio Bounty Program are open through a rolling process, with GPT-5.5 testing ending on July 27, 2026 and GPT-5.6 remaining in scope after that date.

Previous
Previous

Canva opens Campus Canvassadors applications to U.S. students

Next
Next

Raysil Galan promoted to executive director at EdPlus at Arizona State University