OpenAI has announced Patch the Planet, a new Daybreak initiative that provides free AI-assisted security audits to critical open-source projects. The program pairs OpenAI's most advanced cyber-capable models with Trail of Bits security engineers to identify, validate, and patch vulnerabilities — not just report them.

What Is "Patch the Planet"?
Announced on June 22, 2026, Patch the Planet is an unusual move for OpenAI. Rather than selling more API credits or enterprise tools, it's offering free security engineering to open-source maintainers. Trail of Bits has committed its entire security research organization to the effort for an initial "surge" period.
The program works like this:
1. Maintainers contact OpenAI/Trail of Bits and align on where security work is most needed
2. Trail of Bits engineers use GPT-5.5-Cyber and Codex Security to analyze codebases
3. AI-assisted workflows handle deduplication, false-positive filtering, severity scoring, and initial patch generation
4. Engineers validate findings, develop production-ready patches, write tests, and coordinate disclosure with the project
Initial Participating Projects
The first wave includes major infrastructure projects: cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org. These are projects that underpin networking, cryptography, software supply chain, and language infrastructure used by millions of devs and enterprises.
Early Results
According to OpenAI's announcement, Trail of Bits engineers working with Codex and GPT-5.5-Cyber have already:
• Identified hundreds of security issues across 19 open-source projects
• Merged dozens of patches
• Built reusable security infrastructure including fuzzing harnesses, CVE analysis pipelines, differential testing systems, and threat models
• Created a fuzzing lab covering dozens of entry points in less than one day using repeated Codex /goal runs
Why This Matters
Open-source maintainers are chronically under-resourced for security. The Log4j debacle showed how a single unpatched vulnerability in a widely used library can cascade into a global incident. AI-assisted vulnerability discovery is accelerating — Anthropic's Mythos security tool demonstrated this capability — and Patch the Planet turns that same acceleration toward defense rather than offense.
Participating projects also get free ChatGPT Pro access, conditional Codex Security access, and API credits for ongoing maintainer automation.
The Competitive Angle
It's hard to miss the timing. Anthropic's Mythos 5, released shortly before the US export order changed access, made headlines for AI-powered vulnerability discovery. OpenAI's Patch the Planet is effectively the defensive counterpart — using similarly capable AI models but channeling them into patching rather than exploitation. It's also a direct investment in the open-source ecosystem that much of OpenAI's own infrastructure depends on.
Who Should Apply
If you maintain a widely used open-source project and want security audits, you can reach out through the OpenAI Patch the Planet page. HackerOne and Calif are also partnering for vulnerability triage and coordinated disclosure.
Sources
• OpenAI official announcement: Patch the Planet
• Trail of Bits: Introducing Patch the Planet
• TechCrunch: OpenAI launches initiative to help find and patch open-source bugs