OpenAI launches Patch the Planet to help secure open source software

OpenAI unveiled Patch the Planet on June 22, 2026, a new program to help open source communities detect and patch software vulnerabilities ^{[1, 2, 3, 4]}. The effort is part of OpenAI's broader Daybreak cybersecurity program and involves close collaboration with the security firm Trail of Bits ^{[1, 2, 3, 4]}.

Trail of Bits engineers work alongside open source maintainers to review potential security issues, develop patches, and create sustainable security workflows. OpenAI uses its security tools, including Codex Security and the GPT-5.5-Cyber model, to assist in vulnerability detection and remediation ^{[1, 2, 3, 4]}. Dan Guido, CEO of Trail of Bits, said, "Patch the Planet is an internet-scale effort to help open source software get ahead of AI bug hunting tools. But it's also an effort to help the open source community see the benefits and not just the downsides of AI coding tools" ^[2].

In the first week since launch, Trail of Bits engaged with 19 open source projects, discovering hundreds of legitimate bugs and fixing 19 of them ^[3]. More than 30 open source projects have committed to Patch the Planet, including high-profile names like cURL, Go, Python, Sigstore, and pyca/cryptography ^{[3, 4]}. Fouad Matin, OpenAI’s cyber tech lead, described how the program reduces burden on maintainers, saying, "Maintainers do their work out of love of open source and now they’re stuck reviewing slop CVEs. With Patch the Planet, what we’ve effectively done is make it as efficient from a token perspective as possible to reduce the burden for maintainers—code base assessments, validating potential reports, creating patches, and landing them" ^[2].

OpenAI launched the Daybreak program in May 2026 to enhance cybersecurity through AI tools and partnerships, similar to Anthropic’s Project Glasswing ^{[3, 4]}. Codex Security cloud, previewed in March, has scanned over 30,000 repositories and 30 million commits, automatically fixing over 500,000 issues ^[4]. The GPT-5.5-Cyber model is tailored for advanced cybersecurity tasks and has outperformed previous models in numerous benchmarks ^{[2, 4]}.

IBM has partnered with OpenAI to integrate AI capabilities in enterprise security and launched a new application security service built on Project Lightwell, which is backed by a $5 billion investment from IBM and Red Hat ^[5]. Mark Hughes, IBM Consulting’s global managing partner for cybersecurity services, said, "The OpenAI (programme) expands our access to a broader set of advanced AI capabilities, which we deploy within our clients’ environments to help surface the most relevant risks faster and help them act with confidence" ^[5].

OpenAI also activated a Daybreak Cyber Partner Program allowing security firms to incorporate GPT-5.5 and Trusted Access for Cyber into their products. The company maintains partnerships with governments and agencies including the US federal government, Australia, Canada, France, Germany, Japan, South Korea, and ENISA, the EU cybersecurity agency ^[4].

Patch the Planet will continue expanding collaboration with open source projects to improve code security at internet scale. Security teams and maintainers can expect further support and tools from OpenAI as the program develops.