OpenAI announced the launch of the Patch the Planet project, aimed at improving the security of critical open source projects. The initiative is part of the Daybreak program and is run together with Trail of Bits, with the participation of HackerOne and Calif. Its goal is to help open source maintainers identify, test and fix vulnerabilities using AI tools and security audits, amid a growing flow of bug reports that maintainers often lack the time and resources to analyze.
Unlike typical automated bug scanning programs, Patch the Planet is positioned as a full-service offering: in addition to identifying potential problems, it helps participants prepare fixes, integrate them into the code base, and put processes in place for testing and strengthening security. The output of the AI models undergoes mandatory manual testing and review by engineers specializing in computer security.
In the first stage, 19 open projects have joined the program. Trail of Bits employees are assigned to them, working on the project full-time with access to Codex tools and the GPT‑5.5‑Cyber model. Supported projects include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, Go, freenginx and Python. It is noted that hundreds of errors have already been identified at the initial stage and dozens of fixes have been prepared.
Among the vulnerabilities recently identified using Codex and GPT‑5.5‑Cyber, the following are mentioned: 24 exploits for local privilege escalation in the Linux kernel, a 23-year-old root vulnerability in the implementation of System V semaphores in the OpenBSD kernel, 7 exploits for local privilege escalation in FreeBSD, 4 vulnerabilities in dnsmasq, the HTTP/2 Bomb vulnerability in NGINX, Apache, IIS and Pingora, and exploitable vulnerabilities in Chrome, Safari and Firefox. In addition to eliminating specific vulnerabilities, the project provides for building infrastructure for the further use of AI agents in supporting open source software, including the development of specialized tests, fuzzers and code analyzers.