OpenAI launches Patch the Planet to help secure open-source software with AI security tools

Reviewed byNidhi Govil

9 Sources

Share

OpenAI unveiled Patch the Planet, a major initiative partnering with Trail of Bits to help open-source maintainers find and patch vulnerabilities using AI-driven cybersecurity tools. The effort addresses a critical bottleneck as AI models now discover bugs faster than defenders can fix them, leaving security teams overwhelmed with reports.

OpenAI Tackles Open-Source Security Crisis With New Initiative

OpenAI announced a sweeping expansion of its cybersecurity efforts on Monday, unveiling Patch the Planet—an initiative designed to help open-source maintainers manage the growing flood of open-source vulnerabilities that AI tools are now uncovering at unprecedented speed

1

. Founded with security firm Trail of Bits and developed in collaboration with HackerOne and Calif, the program aims to patch open-source bugs before they become critical threats to the broader software ecosystem

2

.

Source: Wired

Source: Wired

The timing reflects a fundamental shift in the cybersecurity landscape. While finding vulnerabilities was once the primary challenge, the bottleneck has now moved to vulnerability patching itself

3

. AI models can navigate large codebases and flag security issues faster than human teams can validate and fix them, creating an overwhelming backlog for already resource-strapped open-source maintainers.

How Patch the Planet Works to Support Security Defenders

Patch the Planet offers free security consulting services to open-source projects, with Trail of Bits engineers functioning as code EMTs who review findings before they reach maintainers [1](https://techcrunch.com/2026/06/22/openai-l aunches-new-initiative-to-help-find-and-patch-open-source-bugs/). The initiative uses Codex Security and OpenAI's models to conduct codebase analysis, validate potential reports, create patches, and build reusable workflows that help teams continue improving security after initial fixes land

2

.

Source: SiliconANGLE

Source: SiliconANGLE

More than 30 open-source projects are already participating, including cURL, Python, the Go project, Sigstore, and pyca/cryptography

3

. During an initial five-day sprint, Trail of Bits deployed 25 engineers—roughly a fifth of its workforce—simultaneously working on collaborations with maintainers, uncovering hundreds of bugs and producing dozens of patches in just the first week

2

.

"Patch the Planet is an internet-scale effort to help open source software get ahead of AI bug hunting tools," says Trail of Bits CEO Dan Guido

2

. OpenAI has been subsidizing usage of Codex Security "to the tune of 20 trillion tokens" for both open-source and private code

2

.

GPT-5.5-Cyber Outperforms Anthropic on CyberGym Benchmark

Alongside Patch the Planet, OpenAI released the full version of GPT-5.5-Cyber, its most capable model for finding and helping patch software vulnerabilities

3

. The updated model achieved an 85.6% score on the CyberGym benchmark, which measures whether an AI agent can reproduce known vulnerabilities in testing environments—an improvement from 81.8% for standard GPT-5.5 and beating Anthropic's Mythos 5, which scored 83.8%

2

.

Source: Digit

Source: Digit

The model can sustain deeper analysis across large codebases to identify security issues, validate them in controlled environments, and develop and test patches

3

. Access remains restricted to vetted security defenders through OpenAI's Trusted Access for Cyber program

5

.

Daybreak Initiative Uncovers Critical Vulnerabilities Across Major Systems

The broader Daybreak initiative has already surfaced significant vulnerabilities across operating systems and web browsers. Findings include 8 kernel pointer information leak proofs-of-concept and 24 local privilege escalation exploits in the Linux Kernel, a 23-year-old use-after-free flaw in OpenBSD's kernel, and 34 vulnerabilities with 7 local privilege escalation PoCs in FreeBSD

3

.

Browser security work proved particularly productive. Researchers reported 5 exploitable vulnerabilities in Google Chrome's V8 JavaScript engine and more than 10 exploitable Apple Safari vulnerabilities

5

. Mozilla patched a WebAssembly vulnerability (CVE-2026-8390) in Firefox just two days before Pwn2Own Berlin, after which five of six Firefox entries registered for the contest withdrew

5

.

AI Security Tools Address Growing Threat of AI-Generated Bug Reports

The initiative addresses mounting concerns about AI-generated bug reports overwhelming maintainers. Research from the Linux Foundation and Harvard found that 94% of widely used projects had fewer than 10 developers responsible for more than 90% of code added annually

5

. Many maintainers struggle to sort through AI-generated slop reports that make backlogs feel insurmountable

2

.

OpenAI is also launching the Daybreak Cyber Partner Program, allowing vetted security vendors to integrate GPT-5.5 with Trusted Access for Cyber into their products and services

4

. Launch partners include Accenture, Cisco, CrowdStrike, IBM, Okta, Palo Alto Networks, and Wiz

5

.

Since its research preview launched in March, Codex Security has scanned more than 30 million commits across more than 30,000 codebases, with human reviewers marking more than 70,000 findings as fixed

5

. OpenAI has established Trusted Access partnerships with Australia, Canada, France, Germany, Japan, South Korea, Poland, and EU institutions

3

4

. The announcements come as Anthropic faces regulatory challenges, with its Mythos 5 and Fable 5 models pulled from the market amid Trump administration concerns about AI cybersecurity capabilities

2

.

Today's Top Stories

© 2026 TheOutpost.AI All rights reserved