OpenAI and Trail of Bits launch "Patch the Planet" to audit open-source code with AI assistance
OpenAI is funding Trail of Bits engineers to triage and patch vulnerabilities in open-source projects using its security tools, starting with maintainer-led reviews and reusable workflows.
- OpenAI and Trail of Bits launched "Patch the Planet," an initiative to help open-source maintainers find and patch bugs using AI-assisted security tools.
- Trail of Bits engineers will work directly with maintainers to review code issues, develop patches, and create reusable security workflows.
- The effort aims to reduce the burden on maintainers by having security engineers pre-filter findings before they reach maintainers.
- OpenAI’s Codex Security tools will support the process, though long-term scaling and sustainability remain unclear.
OpenAI announced "Patch the Planet," a joint initiative with Trail of Bits to help open-source maintainers identify and remediate security vulnerabilities. Under the program, security engineers from Trail of Bits will collaborate directly with open-source maintainers to review potential code issues, develop patches, and establish reusable workflows for ongoing security improvements.
The initiative frames Trail of Bits engineers as rapid-response "code EMTs" who triage findings before they reach maintainers, aiming to reduce the review burden on already stretched-thin teams. OpenAI’s security tools, including Codex Security, will assist in the process, though the announcement did not specify which projects or how many maintainers will initially participate.
OpenAI stated that the effort is designed to avoid adding to maintainers’ workloads by pre-filtering results and providing structured remediation paths. The company did not detail timelines for broader rollout or metrics for success, leaving the initiative’s long-term scalability and sustainability unclear.
The move comes amid growing concerns about AI’s dual-use potential in cybersecurity, including tools that can automate bug discovery and exploit generation. By contrast, OpenAI is positioning this effort as a defensive application of AI to strengthen open-source security rather than enable attacks.