OpenAI launched Patch the Planet on June 22, 2026, a security-focused initiative developed with Trail of Bits to assist open-source maintainers. The program pairs AI-assisted research with expert human review to identify and resolve vulnerabilities in critical software. Initial participants include major projects like cURL, NATS Server, the Go project, and Python. Participating maintainers receive access to ChatGPT Pro, Codex Security, and API credits, while security engineers utilize models such as GPT-5.5-Cyber to accelerate patching workflows.

Trail of Bits engineers identified hundreds of issues and merged dozens of patches across 19 projects. Key efficiency gains include building a fuzzing lab (a method for finding software bugs by inputting randomized data) in under a day, versus several weeks of manual work. The team also established a pipeline for finding vulnerability variants and completed differential testing (a technique comparing behavior across different software versions) in days rather than months.

The initiative has already produced significant security findings across infrastructure. GPT-5.5-Cyber identified 24 local privilege escalation exploits in the Linux Kernel and a 23-year-old vulnerability in OpenBSD. In browser security, the effort uncovered 5 vulnerabilities in Chrome’s V8 engine and over 10 in Safari’s WebKit within approximately one week. Additionally, the system helped identify a WebAssembly flaw in Firefox, which was patched two days before the Pwn2Own Berlin event. The program aims to alleviate the resource burden on maintainers by streamlining vulnerability discovery and remediation.

OpenAI launched Patch the Planet on June 22, 2026, a security-focused initiative developed with Trail of Bits to assist open-source maintainers. The program pairs AI-assisted research with expert human review to identify and resolve vulnerabilities in critical software. Initial participants include major projects like cURL, NATS Server, the Go project, and Python. Participating maintainers receive access to ChatGPT Pro, Codex Security, and API credits, while security engineers utilize models such as GPT-5.5-Cyber to accelerate patching workflows.

Trail of Bits engineers identified hundreds of issues and merged dozens of patches across 19 projects. Key efficiency gains include building a fuzzing lab (a method for finding software bugs by inputting randomized data) in under a day, versus several weeks of manual work. The team also established a pipeline for finding vulnerability variants and completed differential testing (a technique comparing behavior across different software versions) in days rather than months.

The initiative has already produced significant security findings across infrastructure. GPT-5.5-Cyber identified 24 local privilege escalation exploits in the Linux Kernel and a 23-year-old vulnerability in OpenBSD. In browser security, the effort uncovered 5 vulnerabilities in Chrome’s V8 engine and over 10 in Safari’s WebKit within approximately one week. Additionally, the system helped identify a WebAssembly flaw in Firefox, which was patched two days before the Pwn2Own Berlin event. The program aims to alleviate the resource burden on maintainers by streamlining vulnerability discovery and remediation.