OpenAI is launching a new initiative to help find and fix open source bugs

OpenAI announced a new initiative on Monday aimed at helping the open source community up its cybersecurity game and fend off bugs.

“Patch the Planet” (a not-so-subtle reference to “Hack the Planet”, the catchphrase from the 1995 film Pirates) will see OpenAI team up with security company Trail of Bits to help open source maintainers secure their projects.

OpenAI said security staff from Trail of Bits will work directly with open source maintainers to review potential code issues. OpenAI’s security tools, such as Codex Security, will be used to assist in this process.

“Many moderators are already being asked to sort through more reports, more quickly, with limited time and resources,” OpenAI said Monday. “Patch the Planet is designed to reduce this burden, not add to it: security engineers review results before they reach maintainers, work with projects to develop patches and tests, and create reusable workflows that help teams continue improving security after the first fixes.”

In other words, Trail of Bits engineers will work more or less like software EMTs — helping the open source project’s creators identify and triage potential issues, all powered by OpenAI software. It sounds like an ambitious project, and it’s a bit unclear how it will work in the long term, or how it plans to expand (if at all).

Open source projects are the digital foundation on which the commercial software industry is built, but unfortunately, due to the decentralized and poorly monitored structure of this ecosystem, much of the software is insecure. Bugs in open source projects can turn into major problems for commercial codebases. The log4j debacle that occurred several years ago — when a nasty vulnerability was discovered in a widely used open source utility — is a good example.

Much of the concern surrounding tools like Mythos (Anthropic’s much-publicized security tool) seems to stem from the fact that AI can now automatically recognize bugs within codebases and start creating exploits for them. While cybercrime automation is not new, these tools undoubtedly have the potential to make it more convenient for bad actors.

OpenAI is turning this formula on its head by using artificial intelligence to help the open source community better protect itself. It’s hard not to read it as a competitive critique of Anthropic, while also acknowledging that it’s something the open source community desperately needs.