OpenAI's new Daybreak⁠ initiative will help open-source projects fend off bugs

Patch the Planet will pair security researchers with open-source projects.

Samuel Boivin/Shutterstock

OpenAI has launched Patch the Planet, a new initiative part of its Daybreak cybersecurity program, which was designed to serve the open-source community. The company is working with cybersecurity firm Trail of Bits that has committed its entire security research organization for the project.

In its own announcement, Trail of Bits said that while models like GPT-5.5-Cyber can produce "a firehose of security findings" for users, project maintainers, who are already stretched thin, will have to sift through all of them to identify real vulnerabilities from false positives. Patch the Planet is meant to reduce project maintainers' burden by putting them in contact with security researchers, who use OpenAI's top models and Codex Security to identify vulnerabilities and review findings before they even reach the maintainers. The researchers then work with maintainers to develop and test patches, as well as to create workflows that maintainers can follow to continue improving their projects' security.

For the initiative's first week, Trail of Bits' security engineers worked with 19 open-source projects using OpenAI's Codex and GPT‑5.5‑Cyber models. The company said its engineers discovered hundreds of legitimate bugs and 51 issues, 19 of which have already been fixed. For the first round, the participants include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python and python.org. OpenAI said more projects will join in future rounds.

OpenAI launched Daybreak in May in response to Anthropic's Project Glasswing. The company explained at the time that Daybreak is built around the premise that cyber defense should be built into software from the start and not just revolve around finding and fixing vulnerabilities. Its goals are to reduce hours of analysis to minutes and to quickly generate and test patches within repositories.