OpenAI launches Patch the Planet to strengthen open-source software security
OpenAI launches Patch the Planet, leveraging AI and security experts to help open-source projects find and fix vulnerabilities.
OpenAI has introduced a new initiative, Patch the Planet, as part of its Daybreak cybersecurity programme, aiming to improve security across the open-source software ecosystem. The project brings together artificial intelligence tools and cybersecurity experts to help developers identify and fix software vulnerabilities more efficiently.
The initiative is being carried out in partnership with cybersecurity company Trail of Bits, which has dedicated its entire security research team to the effort. The programme seeks to address a growing challenge in software security, where AI-powered tools can uncover large numbers of potential vulnerabilities but often generate more findings than project maintainers can realistically review.
Open-source projects play a critical role in modern technology infrastructure, powering everything from websites and cloud services to enterprise applications. However, many of these projects are maintained by small teams with limited resources, making it difficult to manage the increasing volume of security reports generated by advanced AI systems.
Combining AI and human expertise
According to Trail of Bits, modern AI models such as GPT-5.5-Cyber can produce “a firehose of security findings” for software projects. While this capability can help uncover weaknesses that may otherwise go unnoticed, it also creates additional work for maintainers who must determine which reports represent genuine security risks and which are false positives.
Patch the Planet has been designed to reduce that burden. Instead of sending raw AI-generated findings directly to project maintainers, security researchers first review and validate the results. These researchers use OpenAI’s latest AI models alongside Codex Security tools to identify potential vulnerabilities and assess their accuracy before sharing them with development teams.
Once legitimate issues have been confirmed, researchers collaborate with maintainers to create, test and deploy security patches. The teams also develop practical workflows that project maintainers can continue using to strengthen their software security over time.
This approach combines the speed and scale of artificial intelligence with the judgment and expertise of experienced cybersecurity professionals. By filtering findings before they reach maintainers, the programme aims to ensure that development teams can focus on genuine threats rather than spend time reviewing inaccurate reports.
Early results reveal significant vulnerabilities
During the initiative’s first week, Trail of Bits security engineers worked with 19 open-source projects using OpenAI’s Codex and GPT-5.5-Cyber models. The early results suggest that the programme may have a meaningful impact on improving software security across widely used projects.
Trail of Bits reported that its engineers identified hundreds of legitimate software bugs during the programme’s initial phase. Among those discoveries were 51 notable security issues that required attention. The company said that 19 of those issues have already been fixed, with work continuing on the remaining vulnerabilities.
Several major open-source projects participated in the first round of Patch the Planet. These included cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python and python.org. Many of these projects form part of the core infrastructure used by developers and organisations worldwide.
The discovery and remediation of vulnerabilities in these widely adopted projects could have broader benefits for software security across the technology industry. OpenAI stated that additional projects are expected to join future rounds of the programme, potentially expanding its reach and impact over time.
The initiative also serves as a test of how AI systems can be integrated into real-world cybersecurity workflows. Rather than replacing human experts, the programme demonstrates how AI can support researchers by accelerating the discovery and analysis of vulnerabilities.
Daybreak expands OpenAI’s cybersecurity ambitions
Patch the Planet is the latest development in OpenAI’s broader Daybreak cybersecurity programme, launched in May. The programme was introduced shortly after Anthropic announced its own cybersecurity initiative, Project Glasswing, highlighting increasing competition among AI companies to apply their technology to digital security challenges.
When unveiling Daybreak, OpenAI explained that the programme is based on the idea that cybersecurity should be built into software development rather than relying solely on identifying and repairing flaws after they are introduced. The company argued that stronger security practices should become an integral part of the development process from the beginning.
A key objective of Daybreak is to dramatically reduce the time required for security analysis. OpenAI has stated that tasks that traditionally take hours could be completed in minutes using advanced AI systems. Another goal is to accelerate the generation and testing of software patches within code repositories, enabling developers to respond to vulnerabilities more quickly.
The launch of Patch the Planet reflects this broader strategy by bringing AI-driven vulnerability discovery together with expert human oversight. As open-source software continues to underpin much of the internet and enterprise technology, initiatives that help maintainers identify and fix security weaknesses more efficiently may become increasingly important.





