OpenAI Launches GPT-5.5 Bio Bug Bounty to Test Universal Jailbreak Risks

OpenAI has launched a GPT-5.5 Bio Bug Bounty program to test whether advanced AI systems can resist universal jailbreaks in biology-related safety scenarios. The program invites vetted researchers to find one prompt that can bypass GPT-5.5’s biosecurity protections across a five-question safety challenge.

The challenge focuses on GPT-5.5 inside Codex Desktop only. OpenAI said the goal is to identify a universal jailbreaking prompt that can answer all five bio safety questions from a clean chat without triggering moderation.

The company is offering $25,000 to the first participant who finds a true universal jailbreak that clears the full challenge. OpenAI may also grant smaller rewards for partial successes, depending on the result.

OpenAI is narrowing the test to one high-risk scenario

The new bounty does not cover every possible GPT-5.5 safety issue. OpenAI has designed it around one specific biosecurity test: whether one reusable jailbreak can defeat safeguards across all five challenge questions.

That narrow scope matters. Universal jailbreaks create more risk than one-off prompt failures because attackers can reuse them across sessions, users, and workflows.

OpenAI said it wants researchers with experience in AI red teaming, security, or biosecurity. The company will invite trusted bio red-teamers and review applications from new researchers with relevant backgrounds.

Program timeline and requirements

Detail	GPT-5.5 Bio Bug Bounty
Program announced	April 23, 2026
Model in scope	GPT-5.5 in Codex Desktop only
Main challenge	Find one universal jailbreak prompt
Safety area	Biology and biorisk safeguards
Top reward	$25,000
Applications close	June 22, 2026
Testing starts	April 28, 2026
Testing ends	July 27, 2026
Access	Application and invitation only
Disclosure rules	NDA covers prompts, outputs, findings, and communications

Accepted participants must submit an application with their name, affiliation, and experience. OpenAI said successful applicants and collaborators must already have ChatGPT accounts and must sign a non-disclosure agreement before taking part.

All prompts, completions, findings, and related communications will remain under NDA. That means researchers cannot publicly share successful jailbreaks or detailed outputs from the challenge.

Why biology is a major AI safety focus

Biology has become one of the most sensitive areas for frontier AI safety because advanced models may help users reason through complex scientific workflows. Strong safeguards matter when those workflows could involve harmful biological misuse.

OpenAI’s bounty targets the risk that a model might follow unsafe biological instructions after a carefully designed prompt. A universal jailbreak would show that the same prompt can repeatedly weaken protections, not just trigger one isolated failure.

The program also shows how AI safety work now overlaps with cybersecurity. Instead of only testing software bugs, researchers now probe prompts, refusal behavior, moderation systems, and model responses under adversarial pressure.

OpenAI expands bug bounty-style safety testing

Bug bounty programs usually reward researchers for finding software flaws before attackers exploit them. OpenAI is applying a similar model to AI safety by asking experts to test whether GPT-5.5 can resist structured jailbreak attempts in a controlled program.

The company also points researchers to its broader Safety Bug Bounty and Security Bug Bounty programs. OpenAI lists both as separate efforts for people interested in supporting safe and secure artificial intelligence beyond the bio-focused bounty.

This structure suggests OpenAI wants different testing lanes for different risks. Security bugs, safety failures, and biosecurity jailbreaks may need different researchers, rules, rewards, and disclosure limits.

What researchers need to prove

Participants must find a single universal prompt that works from a clean chat. It must make GPT-5.5 answer all five bio safety questions without prompting moderation.

That is a stricter target than finding a prompt that works once. A successful submission must show consistency across the full challenge and must bypass the protections OpenAI built for that evaluation.

The top reward goes only to the first true universal jailbreak that clears all five questions. OpenAI may still pay smaller awards for partial wins, but those remain discretionary.

Key points

• OpenAI opened applications for the GPT-5.5 Bio Bug Bounty on April 23, 2026.
• The program tests GPT-5.5 only inside Codex Desktop.
• Researchers must find one universal jailbreak prompt.
• The jailbreak must clear five bio safety questions from a clean chat.
• The top reward is $25,000.
• Applications close on June 22, 2026.
• Testing runs from April 28 to July 27, 2026.
• Access is limited to invited and accepted researchers.
• All prompts, outputs, findings, and communications fall under NDA.

Summary

1. OpenAI launched a GPT-5.5 Bio Bug Bounty focused on universal jailbreaks.
2. The test targets biology-related safety safeguards in GPT-5.5 inside Codex Desktop.
3. The top reward is $25,000 for the first full five-question bypass.
4. OpenAI will invite trusted bio red-teamers and review new applications.
5. The program reflects a broader shift toward AI safety testing through controlled bounty models.

FAQ