#Tokens Bypass Bug in codex-javascript-sandbox makes one request exhaust 20k tokens on repeat

Found a bug in https://beta.openai.com/codex-javascript-sandbox where a simple request get's the model to keep spitting out random thing. I added a white cover cause the data contained auth tokens and other potentially sensitive data.

I believe it's a bug that allows the bypassing of the token limits since it keeps going till 20K tokens are reached, then if I refresh and send it again it goes on another 20k.

Is there any bug bounty program? I emailed a week ago asking support about it and about a consent for testing for such bugs and trying cybersecurity related things with the various models but got nothing.

Hii bro? Can you provide me tips on how to do bug hunting?

https://help.openai.com/en/articles/6653653-how-to-report-security-vulnerabilities-to-openai

understand the scope or you will be in legal trouble and sued

best tip i can give

bug hunting usually means vulnerability hunting
which requires u to understand how stuff work before you know where to poke and find broken stuff so if ur interested and dont know how to i recommend picking up a course to learn basics like privilege escalation / reverse shell etc and then understand the programming language that is used stuff like basic sql commands what it does what it spits out how can u do sql injections (tho most of these company that offer bug bounties wont have such basic vulnerability)

practice on hack the box or tryhackme and do CTFs