July 10, 2026, (Inside AI) — OpenAI has transformed its temporary GPT‑5.5 Bio Bug Bounty into a permanent, private initiative called the OpenAI Bio Bounty Program. The program will now target the company’s latest frontier model, GPT‑5.6, while continuing to accept submissions for GPT‑5.5 until July 27, 2026.
The core mission remains unchanged: to uncover universal jailbreaks that can bypass OpenAI’s predefined biosafety challenges. These challenges are designed to test whether a model can be coerced into providing dangerous biological information that could aid in the creation of bioweapons or other threats.
In a significant move, OpenAI has doubled the top reward from $25,000 to $50,000 for a successful universal jailbreak against either GPT‑5.6 or GPT‑5.5. Partial wins may also receive smaller payouts at the company’s discretion.
"The program will remain focused on universal jailbreaks that can defeat our predefined biosafety challenge against OpenAI's frontier models, starting with GPT‑5.6 and going forward," the company stated in its announcement.
This escalation in both scope and reward underscores the high stakes of AI biosafety. As models become more capable in scientific domains, the risk of misuse grows. Earlier this year, OpenAI’s own system card for GPT‑5.5 noted that while the model did not significantly elevate the risk of bioweapon creation, continuous red-teaming was essential.
The transition to a private, ongoing program reflects a broader industry trend. Companies like Anthropic and Google DeepMind have also moved toward closed-door vulnerability testing, citing the sensitivity of biological threat vectors. Public bug bounties, while valuable, can inadvertently expose dangerous jailbreak methods to malicious actors before patches are deployed.
However, some experts argue that private programs reduce transparency and limit the diversity of external researchers who can contribute. Dr. Sarah Kendrick, a biosecurity researcher at the University of Cambridge, noted, "While I understand the need for caution, moving these programs behind NDAs could slow down the broader scientific community's ability to understand and mitigate AI-enabled biological risks."
OpenAI’s new program requires applicants to have an existing ChatGPT account and sign a non-disclosure agreement. Past applicants to the GPT‑5.5 program need not reapply, streamlining the onboarding process. The company has also linked to its broader Safety Bug Bounty and Security Bug Bounty programs for those interested in other areas of AI safety.
The original GPT‑5.5 Bio Bug Bounty, launched in early 2026, was a time-limited experiment to gauge the external research community's ability to crack OpenAI's biosafety guardrails. Its success—both in terms of participation and findings—likely prompted the permanent expansion.
By focusing on universal jailbreaks, OpenAI is targeting the most dangerous class of exploits: those that work consistently across multiple prompts and contexts. This is a higher bar than single-prompt attacks, which are often easier to patch but less indicative of systemic vulnerabilities.
The increased reward to $50,000 also signals that OpenAI expects more sophisticated attacks as its models evolve. In the cybersecurity world, bug bounty payouts often correlate with the difficulty and impact of the vulnerability. A $50,000 bounty is on par with critical zero-day exploits in software, highlighting the severity of a successful biosafety jailbreak.
Interested researchers can apply through a rolling application process. Once accepted, they will be onboarded to a dedicated platform. The program’s private nature means that findings will not be publicly disclosed, but will directly inform OpenAI’s safety mitigations for future models.
As AI systems increasingly interface with sensitive scientific domains, such proactive vulnerability hunting is becoming a cornerstone of responsible deployment. The OpenAI Bio Bounty Program may serve as a blueprint for other labs navigating the treacherous intersection of advanced AI and dual-use biology.