OpenAI's GPT-5.5 Bio Bug Bounty entered its testing phase on April 28. The program invites vetted bio red-teamers to attempt a 'universal jailbreak' — a single prompt, from a clean chat, that gets GPT-5.5 in Codex Desktop to answer all five questions in OpenAI's biosafety challenge set without triggering moderation. The top reward is $25,000, with smaller awards for partial findings. Applications opened April 23 and close June 22; testing runs through July 27.
The constraint is the point. Most red-team exercises measure whether a model can be tricked at all. This one explicitly measures whether one prompt generalizes — because a universal bypass is what scales harm. If a researcher needs five different elaborate setups to extract five different unsafe answers, the attack surface is finite. If a single prompt unlocks them all, every downstream user has the same key.
Bio threats sit at the top of OpenAI's, Anthropic's, and the U.S. AI Safety Institute's published risk hierarchies, and the formalization of bounty programs around them is a maturing pattern. Anthropic ran a similar exercise around its ASL-3 deployment, and the U.K. and U.S. safety institutes have run pre-deployment tests on frontier models for biosecurity capabilities. What is unusual here is the public, scoped, paid format — closer to traditional cybersecurity bug bounties than the closed expert evaluations of two years ago.
Takeaway for learners: red-teaming is a profession now, not a hobby. If you are interested in safety as a career, the skills that matter look like the union of prompt engineering, infosec methodology, and domain knowledge of the threat model — biology, chemistry, cyber. Programs like this one are how new entrants build a track record, and how labs decide who to trust with pre-deployment access to the next model.