OpenAI Initiates Comprehensive Initiative to Fix Open-Source Vulnerabilities While Competing with Anthropic’s Mythos

As concerns about AI hacking capabilities intensify, OpenAI announced a series of cybersecurity initiatives on Monday, including an updated version of its limited-access security model, GPT-5.5-Cyber. The company also emphasized its expanded international collaborations with governments and institutions to provide them “trusted access” to its latest cybersecurity models, along with the launch of its Codex Security scanner as an app plug-in.
As AI hacking capabilities raise the risk to essential open-source projects, the company is also introducing an initiative called Patch the Planet, developed in partnership with the security research firm Trail of Bits, along with vulnerability management entities HackerOne and Calif.
The initiative begins by offering free security consulting to open-source maintainers: help identifying and fixing vulnerabilities, hardening their code bases, and integrating AI security tools into their development workflows. The goal is to provide tailored support to as many open-source projects as possible, improving both their current security and their long-term sustainability.
“Patch the Planet is an expansive initiative aimed at helping open-source software stay ahead of AI-driven bug-hunting tools,” says Dan Guido, CEO and cofounder of Trail of Bits. “This effort also seeks to show the open-source community the positive aspects of AI coding tools, not just the drawbacks.”
Open-source developers—usually volunteers maintaining critical software with limited resources—are often overwhelmed by existing bug reports. The recent surge in AI-generated vulnerability reports has made backlogs even harder to manage, leaving maintainers less able to focus on the issues that matter most.
“Maintainers work out of passion for open source, and now they’re faced with reviewing large volumes of irrelevant CVEs,” explains Fouad Matin, OpenAI’s cyber tech lead. With Patch the Planet, he notes, “we’ve optimized the process to alleviate the burden for maintainers—conducting code assessments, validating potential reports, and creating and deploying patches. Our aim is to minimize costs, whether in terms of tokens or manpower, to patch as much software as we can.”
Matin further mentions that for its Codex Security scanner, which has been in research preview since earlier this year, OpenAI has been subsidizing code usage “to the tune of 20 trillion tokens” for both open-source and private projects.
More than 30 open-source projects are already involved in Patch the Planet, with additional participants poised to join soon. To kick off the initiative, Trail of Bits recently executed a five-day sprint involving 25 engineers—about one-fifth of its workforce—collaborating with various maintainers. OpenAI and Trail of Bits report that the project has already identified hundreds of bugs and generated numerous patches within its first week. Guido notes that with OpenAI’s funding and unrestricted model access, Trail of Bits is committed to supporting Patch the Planet initiatives for the long haul.
“It’s a rare opportunity for us to tackle large-scale open-source security challenges,” says Guido. “Patch the Planet is not a one-size-fits-all solution; we engage with every maintainer for each project to understand their highest priorities, whether that involves enhancing testing infrastructure, developing custom fuzzers, or simply organizing technical data across the project—these are the factors that will enable them to work more efficiently and act swiftly to patch vulnerabilities.”
