Incident Timeline: OpenAI "o3-mini" Model Vulnerability

• March 9, 2025: Neural Inverse prepares a public timeline and incident report to share on their official website.
• March 8, 2025: Due to the lack of response, Neural Inverse decides to publicly disclose the issue to raise awareness — drafting reports for their website and planning social media escalation.
• March 7, 2025: Neural Inverse contacts Noam Brown (Research Scientist at OpenAI) to push for an internal review — awaiting response.
• March 6, 2025: Neural Inverse contacts Yunyun W. (TPM, AI Safety and Model Policy at OpenAI) via email to escalate the issue — no acknowledgment.
• March 5, 2025: Bugcrowd rejects the re-submitted report again, citing "out of scope" policies despite the security risks. Neural Inverse reaches out directly to security@openai.com and safety@openai.com — no response.
• March 4, 2025: Neural Inverse re-submits the report to Bugcrowd with further evidence — including videos, images, and chat logs.
• March 3, 2025: Bugcrowd dismisses the initial report, misclassifying the issue as a "model safety" concern.
• March 2, 2025: Initial report submitted to Bugcrowd.
• March 1, 2025: Neural Inverse discovers a critical vulnerability in OpenAI's "o3-mini" model — the AI processes NSFW images, generates explicit content, and escalates responses without prompt manipulation.

‍

‍