OpenAI Launches Full Effort to Fix Open Source Bugs as It Embraces Anthropic Mythos


As fears grow about AI hacking skills, OpenAI on Monday made several cybersecurity announcements, including an improved version of GPT-5.5-Cyber based on less security, an expansion of its international work with governments and other organizations to give them “reliable access” to the latest cybersecurity technologies, and the release of its Codex Security scanner as an additional program.

As the company’s progress in AI leaves critical projects at risk of falling behind, the company announced on Monday that it is launching a project known as Patch the Planet, which was launched by the famous security research company Trail of Bits in collaboration with risk management companies HackerOne and Calif.

The project has already begun its mission of providing free security consulting services to open source developers, not only to help them find and fix vulnerabilities, but also to help them improve their code and integrate AI security tools into their development process. The idea is to provide individualized support to as many open source projects as possible, improving their current security and long-term resilience in a way that is sustainable.

“Patch the Planet is an online service that supports open source software to improve AI search engines,” said Trail of Bits CEO and co-founder Dan Guido. “But I’m also trying to help open source people see the benefits and not just the problems of AI tools.”

Open source developers, often dedicated people who maintain complex and widely used software with limited resources, often struggle to follow up on bug reports. The growth of AI threat hunting in recent months has, for many maintainers, made the backlog feel insurmountable as AI-generated reports pile up, making it difficult to prioritize and diverting time and attention away from serious bugs.

Maintainers “do their work because they love open source, and now they’re only looking for low-level CVEs,” says Fouad Matin, director of technology at OpenAI. With Patch the Planet, he says, “what we’ve done well is make it as efficient as possible from the point of view of reducing the burden on maintainers – code reviews, verifying potential reports, patching, and downloading.”

Matin adds that with its Codex Security scanner, which has been in research preview since earlier this year, OpenAI has been able to support the use of open and private code “up to 20 trillion tokens.”

More than 30 startup projects are participating in Patch the Planet, with more expected to launch. To launch the project, Trail of Bits recently held a five-day launch event where it had 25 engineers, or about one-fifth of the workforce, simultaneously working in collaboration with many maintainers. OpenAI and Trail of Bits say the project has already uncovered dozens of bugs and released many patches in its first week. And Guido says that with funding from OpenAI and countless opportunities, Trail of Bits plans to continue its long-term commitment to Patch the Planet.

“It’s very rare that we get the chance to work on a major security project,” says Guido. “And Patch the Planet is not one-size-fits-all. We talk to all the people who maintain each project and see what their priorities are, whether it’s building better testing facilities or fuzzers or cleaning up the technical details of the whole project because that’s what will make them work faster and work faster and faster.”


