OpenAI Launches 'Patch the Planet' Initiative to Protect Open-Source Projects
OpenAI, in partnership with Trail of Bits, has introduced the 'Patch the Planet' initiative to help open-source project maintainers more efficiently address security vulnerabilities.

OpenAI has announced a new initiative called 'Patch the Planet', part of its Daybreak cybersecurity program, aimed at supporting the open-source community. The company is collaborating with cybersecurity firm Trail of Bits, which has committed its entire security research organization to the project.
In its announcement, Trail of Bits noted that while models like GPT-5.5-Cyber can produce a flood of security findings, project maintainers, who are already stretched thin, would have to sift through all of them to separate real vulnerabilities from false positives. 'Patch the Planet' is designed to reduce this burden by pairing maintainers with security researchers, who use OpenAI's top models and Codex Security to identify vulnerabilities and review findings before they reach the maintainers. The researchers then work with maintainers to develop and test patches, as well as to create workflows for ongoing security improvements.
During the first week, Trail of Bits' security engineers worked with 19 open-source projects using OpenAI's Codex and GPT-5.5-Cyber models. The company reported that its engineers discovered hundreds of legitimate bugs and 51 issues, 19 of which have already been fixed. Participants in the first round include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org. OpenAI stated that more projects will join in future rounds.
Daybreak was launched in May in response to Anthropic's Project Glasswing. At the time, OpenAI explained that Daybreak is built on the premise that cyber defense should be embedded in software from the start, rather than focusing solely on finding and fixing vulnerabilities. Its goals are to reduce analysis time from hours to minutes and to quickly generate and test patches within repositories.


