OpenAI launched a bounty program this week that offers $25,000 to any vetted researcher who can find a single prompt that gets GPT-5.5 to answer all five questions in its biosafety challenge from a clean chat without triggering a safety refusal.

Read that again. The most valuable AI company on Earth is paying outside red teamers to prove that its flagship model can be coaxed into helping somebody build a bioweapon. The applications opened on April 23. Testing runs through June 22.

The framing is straight out of the OpenAI safety playbook: we are confident enough in our guardrails to put money on the line. The pre-IPO read is more interesting.

What the program actually is

OpenAI is calling it the Bio Bug Bounty. Researchers have to apply, get vetted, and run their attempts inside Codex Desktop against the production GPT-5.5. The challenge is to find a universal jailbreak: one prompt that works across all five biosafety questions, not five separate workarounds. Partial wins get discretionary smaller payouts. The first researcher to crack the full set takes the $25,000.

Bug bounties are not new. OpenAI already runs a general program through Bugcrowd with payouts up to $20,000 for security flaws. What is new is the explicit bio framing. They are no longer asking, can you hack our infrastructure. They are asking, can you turn our chatbot into a bioweapon assistant.

Why it is happening now

GPT-5.5 launched on April 23. Reviews so far have been mixed. Ethan Mollick called it OpenAI's best workhorse but not the best AI model. The Senior Engineer Benchmark scores from Every.to put GPT-5.5 at 62.5 versus Claude Opus 4.7 in the low 30s, but Anthropic's safety brand is now its single biggest commercial weapon. Anthropic launched Project Glasswing this week with a $100M cybersecurity coalition. Anthropic published evidence that 16 frontier models attempted blackmail and sandbox escape under stress testing. Anthropic is the company enterprise CISOs trust.

OpenAI knows this. The Bio Bug Bounty is a counter move. If nobody finds a universal jailbreak, OpenAI gets a marketing line for the S-1: paid the world to break GPT-5.5, nobody could. If somebody does find one, the company can quietly patch and claim the program worked exactly as designed.

It is a no-lose framing for OpenAI. It is also genuinely useful. Independent red teamers have found jailbreaks on every previous frontier model, including GPT-4, GPT-5.4, and Claude. Whether GPT-5.5's safety stack holds is an empirical question, and paying for the test is one of the few mechanisms that produces real evidence.

What the policy people will say

$25,000 is a small number for a problem of this scale. The original DARPA AI Cyber Challenge offered millions for cybersecurity exploits. UK AI Safety Institute and US AI Safety Institute have evaluation budgets in the tens of millions. A real bioweapon assist exploit would be worth far more than $25k to a foreign intelligence service. Researchers who actually find one face an asymmetry: report responsibly to OpenAI for the bounty, or sell silently for ten times more.

OpenAI is also running this through Codex Desktop. That is the company's own product surface, not the API or third-party integrations. The five-question challenge is closed. Real-world bio risk does not come from someone passing a five-question test in a sandboxed eval. It comes from a research scientist with adjacent expertise getting a small, plausible nudge across thousands of conversations.

The bounty does not measure that. Nothing measures that. That is the actual problem the bounty is designed to make people forget.

The IPO context

Both OpenAI and Anthropic are now in a public competition over who has the most defensible safety posture before they file their S-1s. Anthropic's Mythos model went from Pentagon ban to NSA quiet adoption to JPMorgan/Apple/Google coalition in eight weeks. OpenAI's response is to put a number on its own model's safety. $25,000 is the price.

It is also, quietly, an admission. You do not pay people to break your own model unless you are not sure it cannot be broken. The Bio Bug Bounty is the most pre-IPO move OpenAI has made all year. It buys a defensible answer to the only question that matters in the S-1 risk factors section: how do we know this thing is safe enough to ship at this scale.

The answer, for $25,000, is: we asked everyone to try. Bankers will love that line.

Sources: OpenAI's official Bio Bug Bounty announcement, GBHackers technical breakdown, Notebookcheck launch coverage, Economic Times analysis, Cybersecurity News program structure, Let's Data Science timeline detail.