OpenAI’s Patch the Planet Push Uses AI to Hunt and Fix Open-Source Security Bugs

OpenAI is launching a new cybersecurity initiative aimed at helping open-source software maintainers find, verify, and patch security bugs, as the AI industry faces growing pressure over how advanced models could change both hacking and defense.

OpenAI announced “Patch the Planet” on Monday as a new initiative designed to help the open-source community improve cybersecurity and “ward off bugs”.

The Daybreak initiative was built with Trail of Bits to help maintainers strengthen the critical open-source software the world relies on by pairing AI-assisted security research with expert human review.

OpenAI Teams With Trail of Bits

The program brings together OpenAI’s security tools and outside human security expertise.

TechCrunch reported that OpenAI will team up with security company Trail of Bits to help open-source maintainers secure their projects.

OpenAI said Trail of Bits has committed its entire security research organization for the initiative’s initial surge, working directly with maintainers to investigate and validate vulnerabilities, develop and test patches, and coordinate disclosure.

The initiative is also bringing in more partners. OpenAI said it will partner with HackerOne and Calif to extend the work through vulnerability triage, coordinated disclosure, and additional focused vulnerability discovery.

Reducing the Burden on Maintainers

The program targets a long-running problem in open source: many projects are widely used but maintained by small teams or volunteers. Many maintainers are already being asked to sort through more reports, more quickly, while still working with limited time and resources.

Patch the Planet is designed to reduce that burden, not add to it, with security engineers reviewing findings before they reach maintainers, developing patches and tests, and building reusable workflows.

WIRED reported that open-source developers are often struggling to keep up with bug reports, and that AI vulnerability hunting has made the backlog feel “insurmountable” for some maintainers.

OpenAI cyber tech lead Fouad Matin framed the problem in blunt terms. Matin said that maintainers do their work out of love of open source, but are now stuck reviewing slop CVEs.

AI Tools Will Assist, but Humans Stay in the Loop

OpenAI said the effort will use frontier models and Codex Security to support analysis, patch development, testing, and documentation.

OpenAI said participating projects will receive access to ChatGPT Pro, conditional access to Codex Security, and API credits for open-source development, maintainer automation, and release workflows.

The company emphasized that the process is not meant to hand unchecked AI reports directly to project owners.

Trail of Bits engineers manually reviewed every security issue before submitting it to maintainers, removing duplicates, checking project-specific documentation, reassessing severity, and prioritizing confirmed vulnerabilities.

Early Work Has Already Found Bugs

The project has already produced early results. Trail of Bits has dedicated security engineers working full-time with Codex and GPT-5.5-Cyber across 19 open-source projects, identifying hundreds of security issues and merging dozens of patches.

More than 30 open-source projects are already participating in Patch the Planet, with more in the pipeline.

The early participants include important software infrastructure. OpenAI listed initial participants including cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org.

A Cybersecurity Race With Bigger Stakes

The launch comes as AI companies compete to show that advanced cyber models can strengthen defense rather than only increase offensive risk. OpenAI’s announcements included an improved GPT-5.5-Cyber model, expanded trusted access work with governments and institutions, and the release of the Codex Security scanner as an app plug-in.

For OpenAI, Patch the Planet is both a security program and a statement about the direction of AI-assisted cybersecurity.

If AI tools can accelerate vulnerability discovery, the harder challenge is making sure that patches, tests, and responsible disclosure move just as quickly.

The initiative’s success may depend less on how many bugs AI can find and more on whether maintainers can safely turn those findings into real fixes.
