OpenAI unveils “Patch the Planet” to fix open-source software

OpenAI has announced a new initiative called “Patch the Planet” to get rid of vulnerabilities in open-source software.

The goal is to help maintainers of critical open-source projects identify, validate, and fix security vulnerabilities before they can be exploited. To do this, the San Francisco-based tech company is combining AI-powered security tools and human cybersecurity expertise.

“Many maintainers are already being asked to sort through more reports, more quickly, with the same limited time and resources,” OpenAI said in a blog post on Monday.

“Patch the Planet is built to reduce that burden, not add to it: security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue improving security after the first fixes land,” the company continues.

According to OpenAI, frontier AI models like GPT-5.5 are more than capable of finding and patching vulnerabilities in open-source software. However, they also produce a high volume of false positives that add to the maintainers’ already heavy workload.

“Patch the Planet solves for this by having dedicated Trail of Bits researchers reproduce the evidence, check findings against project-specific documentation and threat models, remove duplicates, reassess severity, and prioritize confirmed vulnerabilities for remediation,” OpenAI promises.

At all times, the developers of open-source projects remain in control of what patches are deployed and how disclosure is handled.

Initially, Patch the Planet will focus on 19 open-source projects, including cURL, NATS, pyca, Sigstore, aiohttp, the Go project, freenginx, Python and python.org, urllib3, PyPI, SimpleX, Valkey, and RustCrypto.

OpenAI intends to expand the number of open-source projects in the future. Interested maintainers of an open-source project can now apply to join.

Patch the Planet is a collaboration between OpenAI and security firm Trail of Bits and works directly with maintainers of open-source software to investigate and validate potential code issues, develop and test patches, and coordinate disclosure of vulnerabilities.