OpenAI Launches 'Patch the Planet' Initiative to Secure Open-Source Software

OpenAI has launched "Patch the Planet," an initiative in partnership with Trail of Bits, to find and fix vulnerabilities in open-source software. The project will use OpenAI's cybersecurity models, including an updated GPT-5.5-Cyber, with human experts reviewing findings and developing patches.
OpenAI is moving to turn its powerful cybersecurity AI from a vulnerability-finding tool into a large-scale patching engine, raising hopes for safer open-source software and questions about how to control such capabilities.

On June 22, OpenAI detailed major upgrades to its Daybreak security initiative, anchored by the full release of its GPT‑5.5‑Cyber model to vetted defenders. The company says the model is now “more permissive and more capable for advanced, authorized cybersecurity work,” able to perform deeper analysis across large codebases, validate likely vulnerabilities, and develop and test patches. GPT‑5.5‑Cyber achieved an 85.6% score on OpenAI’s internal CyberGym benchmark, up from 81.8% for GPT‑5.5. An updated Codex Security plugin and a new Daybreak Cyber Partner Program aim to push these tools into commercial security products worldwide.

In parallel, OpenAI launched “Patch the Planet,” a Daybreak initiative built with security firm Trail of Bits to support open-source maintainers. The program pairs AI-assisted security research using OpenAI’s “most cyber-capable models” with expert human review “to not only identify vulnerabilities, but help patch them.” OpenAI stresses the goal is to reduce, not increase, the workload on maintainers: security engineers “review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows” for ongoing security improvements.

Trail of Bits has committed its entire security research organization to the initial surge, working directly with maintainers to validate vulnerabilities, develop and test patches, and coordinate disclosure. Partners HackerOne and Calif will assist with triage and coordinated disclosure. More than 30 open-source projects have signed on, including cURL, Go, Python, Sigstore and pyca/cryptography.

Human commentators highlight both promise and risk. TechCrunch notes that “Patch the Planet” will use OpenAI tools like Codex Security, with Trail of Bits engineers acting like “code EMTs” for open-source projects, but says it’s “somewhat unclear how it will function in the long term, or how it plans to scale up (if at all).” Axios situates OpenAI’s move in a broader race to arm defenders while policymakers scrutinize how advanced AI is evaluated and deployed, warning of a “difficult balancing act” between empowering legitimate security work and preventing misuse.

OpenAI president Greg Brockman framed the initiative succinctly on X: “Patch the Planet: using frontier AI and working with professional security researchers to secure critical OSS projects.”
