OpenAI Publishes Outbound Coordinated Vulnerability Disclosure Policy
OpenAI has published a formal outbound coordinated vulnerability disclosure (CVD) policy, establishing how the company will handle and disclose security vulnerabilities it discovers in third-party systems or products. This represents a structured commitment to responsible disclosure practices when OpenAI's research or operations uncover vulnerabilities outside its own infrastructure. The policy signals OpenAI's growing role as a security actor with obligations to the broader ecosystem.
Related events (8)
OpenAI Launches Bug Bounty Program
OpenAI announced a formal bug bounty program to crowdsource security vulnerability discovery across its products and services. The initiative is framed as part of OpenAI's broader commitment to building secure and trustworthy AI systems. Researchers who find and responsibly disclose vulnerabilities will be eligible for rewards.
OpenAI publishes action plan for AI-powered biodefense and biological resilience
OpenAI released a policy and strategy document outlining an action plan for using AI to strengthen biodefense and biological resilience. The piece positions AI as a tool for countering biological threats at national and global scale. This represents OpenAI's public stance on a high-stakes dual-use domain where AI capabilities intersect with biosecurity policy.
OpenAI publishes public policy agenda covering safety, youth protection, and global standards
OpenAI released a formal public policy agenda outlining its positions on AI safety, youth protection, workforce transition, and international standards. The document represents OpenAI's stated priorities for engaging with governments and regulators. As a tier-1 primary source from a leading frontier lab, it signals how OpenAI intends to shape AI governance discussions.
Introducing the OpenAI Safety Bug Bounty Program
OpenAI has launched a Safety Bug Bounty program targeting AI-specific abuse and safety risks. The program focuses on agentic vulnerabilities, prompt injection, and data exfiltration scenarios. This extends traditional security bug bounty models into AI safety territory, incentivizing external researchers to surface novel attack vectors.
An update on our safety & security practices
OpenAI published an update on its safety and security practices. The post appears to be a high-level overview of the company's current approach to model safety and security. As a Tier 1 source announcement, it likely covers internal safety processes, red-teaming, or policy commitments, though the body text is minimal.
OpenAI endorses EU Code of Practice on AI content transparency
OpenAI announced support for the EU Code of Practice on AI content transparency, committing to provenance standards and tools that help users identify AI-generated content. The announcement positions OpenAI as aligned with European regulatory frameworks for trustworthy AI. This is a policy/regulatory alignment move rather than a technical release.
Strengthening cyber resilience as AI capabilities advance
OpenAI published a post outlining its approach to cybersecurity risk as its models grow more capable, covering risk assessment frameworks, misuse mitigation, and collaboration with the security community. The piece addresses both offensive risk (AI-enabled attacks) and defensive applications. It represents OpenAI's public positioning on responsible deployment in a high-stakes domain.
Moving AI Governance Forward: OpenAI and Leading Labs Make Voluntary Safety Commitments
OpenAI and other leading AI laboratories announced voluntary commitments aimed at reinforcing AI safety, security, and trustworthiness. The commitments represent a coordinated industry response to governance concerns ahead of anticipated regulatory action. This move signals alignment among frontier labs on baseline safety standards, though the voluntary nature leaves enforcement questions open.

