by simonw
155 days ago
I think this is a bad look for OpenAI. Their log viewer should not be rendering Markdown images in a way that can leak data to third parties, and closing this report as "not applicable" mainly tells me that their triage process for BugCrowd is flawed and decisions are being made there by people who don't understand the consequences of this kind of bug.

In December I reported a data exfil in OpenAI Agent Builder and it was also closed as Not Applicable, so it's probably still there.
It's also unclear if anyone from OpenAI even ever saw the report. I don't know.
Maybe the incentives are off on some bug bounty platforms or programs, and triagers are evaluated on how fast they respond, and how quickly a ticket is closed rather than what kind of quality tickets they help produce.
It's the only explanation I have for this kind of decision.