OpenAI Launches Full-Scale Effort to Patch Open Source Bugs as It Takes on Anthropic’s Mythos

As fears astir AI hacking capabilities grow, OpenAI connected Monday made a slew of cybersecurity-focused announcements, including an improved mentation of its limited-access security-specialized exemplary GPT-5.5-Cyber, expanded planetary enactment with governments and different institutions to springiness them “trusted access” to the company's latest cybersecurity-focused models, and releasing its Codex Security scanner arsenic an app plugin.

As advances crossed the AI manufacture permission captious unfastened root projects astatine expanding hazard of falling behind, though, the institution besides said connected Monday that it is launching an effort known arsenic Patch the Planet, founded with the salient research-focused information steadfast Trail of Bits and successful collaboration with vulnerability absorption firms HackerOne and Calif.

The task has already begun its enactment offering escaped information consulting services to unfastened root maintainers to not lone assistance them find and spot vulnerabilities, but besides enactment them successful strengthening their codebases and incorporating AI information tools into their improvement process. The thought is to springiness individualized enactment to arsenic galore unfastened root projects arsenic imaginable to amended some their existent information and longterm resilience successful a mode that volition really beryllium sustainable.

“Patch the Planet is an internet-scale effort to assistance unfastened root bundle get up of AI bug hunting tools,” says Trail of Bits CEO and cofounder Dan Guido. “But it's besides an effort to assistance the unfastened root assemblage spot the benefits and not conscionable the downsides of AI coding tools.”

Open root developers—typically volunteers keeping captious and wide utilized bundle afloat with fewer resources—are often already struggling to support up with bug reports. The emergence of AI vulnerability hunting successful caller months has, for galore maintainers, made that backlog consciousness insurmountable arsenic AI-generated slop reports stack up, making it hard to prioritize and pulling already constricted clip and attraction distant from captious flaws.

Maintainers “do their enactment retired of emotion of unfastened root and present they’re stuck reviewing slop CVEs,” says OpenAI's cyber tech pb Fouad Matin. With Patch the Planet, helium says, “what we’ve efficaciously done is marque it arsenic businesslike from a token position arsenic imaginable to trim the load for maintainers—code basal assessments, validating imaginable reports, creating patches, and landing them. We privation to offset costs, whether it's tokens oregon radical power, to really spot arsenic overmuch of the satellite of bundle arsenic possible.”

Matin adds that for its Codex Security scanner, which has been successful probe preview since earlier this year, OpenAI has been subsidizing usage for some unfastened root and backstage codification “to the tune of 20 trillion tokens.”

More than 30 unfastened root projects are already participating successful Patch the Planet with much successful the pipeline to start. To motorboat the project, Trail of Bits precocious conducted a 5 time opening sprint successful which it had 25 engineers, oregon astir a 5th of its workforce, simultaneously moving connected collaborations with an array of maintainers. OpenAI and Trail of Bits accidental the task has already uncovered hundreds of bugs and produced dozens of patches successful conscionable its archetypal week. And Guido says that with backing from OpenAI arsenic good arsenic unmetered exemplary access, Trail of Bits plans to proceed its aggravated committedness to Patch the Planet enactment agelong term.

“It’s truthful uncommon that we get the accidental to enactment connected ample standard unfastened root information issues,” Guido says. “And Patch the Planet is not a 1 size fits all. We talk to each the maintainers for each azygous task and fig retired what their highest priorities are, whether it’s gathering amended investigating infrastructure oregon customized fuzzers oregon conscionable cleaning up method information crossed the task due to the fact that that’s what’s going to marque them enactment faster and run faster and spot faster.”