OpenAI has launched a new initiative called Patch the Planet as part of its Daybreak cybersecurity program, aimed at supporting the open-source community. The initiative involves collaboration with cybersecurity firm Trail of Bits, which has dedicated its entire security research organization to the project.
Trail of Bits stated that while models like GPT-5.5-Cyber can generate numerous security findings, project maintainers often struggle to differentiate between legitimate vulnerabilities and false positives. Patch the Planet seeks to alleviate this challenge by connecting maintainers with security researchers. These researchers leverage OpenAI’s models and Codex Security to pinpoint vulnerabilities and pre-review findings before they are communicated to maintainers.
The collaboration extends beyond identification, as researchers also assist maintainers in developing and testing patches and establishing workflows for ongoing security improvements. During the first week of Patch the Planet, engineers from Trail of Bits collaborated with 19 open-source projects utilizing OpenAI’s Codex and GPT-5.5-Cyber models. They uncovered hundreds of legitimate bugs, including 51 significant issues, 19 of which have been resolved.
Initial participants in this program included cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org. OpenAI announced plans to include more projects in subsequent rounds of the initiative.
OpenAI initially launched the Daybreak program in May 2023 in response to Anthropic’s Project Glasswing. The Daybreak initiative focuses on integrating cyber defense into software development from the outset, aiming to reduce analysis time from hours to minutes and facilitate rapid generation and testing of patches within repositories.
