OpenAI launched an initiative to identify vulnerabilities in software
OpenAI announced the launch of the Patch the Planet initiative as part of the Daybreak program, which aims to help open source developers identify and fix critical vulnerabilities using artificial intelligence.
Patch the Planet is focused on combining OpenAI’s cybersecurity model capabilities with the expertise of security specialists. Artificial intelligence will detect potential threats, and specialists will verify this data and assist in resolving them. The initiative has already partnered with popular open-source projects, including cURL, Python, Go, NATS Server, Sigstore, aiohttp, and freenginx. Program participants receive access to ChatGPT Pro, API credits, and tools for automating protective processes.
During the first phase of the program, researchers found hundreds of security issues and prepared dozens of fixes. They also developed new tools for testing and generating patches, aimed at reducing dependency on the human factor. GPT-5.5-Cyber, in particular, helped find vulnerabilities in the Linux kernel and identified bugs in Chrome and Safari browsers.
Special attention was given to “HTTP/2 Bomb” attacks, which can cause servers to be denied service. According to OpenAI, the vulnerability affected over 880,000 sites, highlighting the importance of the measures taken.
Patch the Planet undertakes the protection cycle from identifying issues to creating patches and coordinating disclosure, which will help significantly improve the overall level of cybersecurity. Despite the speed of vulnerability detection, their proper elimination remains important, as noted by the company.
The organizers claim that the integration of artificial intelligence into cybersecurity processes will contribute to risk reduction and faster response times.
| Project | Number of Vulnerabilities Detected | Number of Fixes |
|---|---|---|
| cURL | 150 | 30 |
| Python | 120 | 25 |
| NATS Server | 80 | 18 |
| Sigstore | 90 | 20 |
