OpenAI announced a new initiative called Patch the Planet to support security efforts in the open source software ecosystem. The initiative, implemented under the company’s Daybreak cybersecurity program, aims to help detect vulnerabilities in open source projects faster and more effectively. In this context, OpenAI is working with cybersecurity company Trail of Bits. Trail of Bits announced that it has allocated its entire security research organization to the project.
Open source projects are used in a wide range of areas, from internet infrastructure to corporate applications. Despite this, a significant portion of these projects are maintained by a limited number of developers. With the widespread use of artificial intelligence models in security research, the number of reports faced by project managers is also increasing. However, not all of these reports contain actual vulnerabilities. False positives and incompletely validated findings can increase the workload of maintenance teams.
In its statement, Trail of Bits says that advanced models such as GPT-5.5-Cyber can produce many potential security findings. Even so, project managers must spend additional time distinguishing real threats from false alarms. The Patch the Planet initiative aims to make this process more manageable.
Patch the Planet brings together security researchers and project teams
Within the scope of the program, security researchers examine potential vulnerabilities in open source projects by using OpenAI’s advanced models and Codex Security tools. The findings are verified and evaluated by expert teams before reaching the project managers. This way, the aim is for maintenance teams to focus only on real and priority security problems.
In addition, researchers work with project teams to eliminate detected security vulnerabilities. The process is not limited to detecting errors: the scope of the program also includes developing and testing fixes and creating workflows to more easily manage similar problems in the future. This approach aims to strengthen the long-term security capacity of open source projects.
In the first week of the program, Trail of Bits engineers worked on 19 different open source projects using OpenAI’s Codex and GPT-5.5-Cyber models. According to the information provided by the company, hundreds of valid bugs were detected and a total of 51 security issues were confirmed. It is stated that 19 of these problems have already been resolved.
Among the projects participating in the first phase of the program are widely used platforms such as cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python and Python.org. Many of these projects play a critical role in internet infrastructure and software development processes. OpenAI states that more open source projects will join the initiative in the future.
OpenAI announced the Daybreak program in May in response to Anthropic’s Project Glasswing initiative. The company explained that Daybreak’s basic approach is to integrate security into systems from the beginning of the software development process. This approach envisages the inclusion of defense mechanisms earlier in the development process, rather than focusing solely on detecting and fixing vulnerabilities.
In addition, Daybreak’s goals include cutting security analyses that can take hours down to minutes and quickly creating and testing fix suggestions within code repositories. While the role of artificial intelligence-supported tools in this field is increasing, the position of human experts in the verification and evaluation process remains important. The Patch the Planet initiative aims to contribute to more efficient security work in open source projects by bringing these two approaches together.