OpenAI launches initiative to find and fix open-source bugs

OpenAI announced on Monday a new initiative called 'Patch the Planet,' aimed at helping the open-source community improve cybersecurity. The name is a reference to the phrase 'Hack the Planet' from the 1995 film Hackers.

Under the initiative, OpenAI will partner with security company Trail of Bits. Security engineers from Trail of Bits will work directly with open-source maintainers to review potential code issues, assisted by OpenAI's tools such as Codex Security.

OpenAI noted that many maintainers are overwhelmed by the volume of reports they need to process with limited time and resources. 'Patch the Planet' is designed to reduce that burden: security engineers review findings before passing them to maintainers, help develop patches and tests, and create reusable workflows for ongoing security improvements.

Open-source projects form the foundation of commercial software, but their decentralized and poorly monitored nature often leads to security vulnerabilities. Bugs in open-source code can cascade into major problems for commercial products, as seen with the log4j incident years ago.

The initiative comes amid growing concerns about AI tools like Anthropic's Mythos, which can automatically identify and exploit vulnerabilities. OpenAI is flipping that paradigm by using AI to help the open-source community defend itself, potentially signaling a competitive move against Anthropic.