In short
OpenAI announced an expanded AI cybersecurity push that includes an updated GPT-5.5-Cyber model, a Codex Security plugin and a new open-source effort called Patch the Planet. The initiative, built with Trail of Bits, aims to help maintainers find and fix vulnerabilities faster as AI-powered bug hunting intensifies.
- OpenAI launched Patch the Planet to help open-source projects patch vulnerabilities and strengthen security workflows.
- The company also updated GPT-5.5-Cyber and expanded access to its limited cyber tools for governments and institutions.
- Trail of Bits says the project has already found hundreds of bugs and produced dozens of patches in its first week.
- The initiative reflects a growing race between AI labs to build cybersecurity tools while managing safety and access risks.
OpenAI is widening its cybersecurity ambitions with a new set of product updates, a larger international access program for governments and institutions, and a significant attempt to help secure the open-source software ecosystem before AI-powered vulnerability discovery outpaces the people maintaining critical code.
The centerpiece of that broader effort is Patch the Planet, a new initiative launched with security research firm Trail of Bits and supported by vulnerability management companies HackerOne and Calif. The program is designed to give open-source maintainers hands-on security help, from vulnerability triage and code review to patch development and longer-term workflow improvements that can make projects more resilient.
The move arrives at a moment when the AI industry is moving rapidly into cybersecurity, with labs racing to prove that their models can defend software as effectively as they can find flaws in it. It also comes amid growing government scrutiny of frontier systems, after recent concerns in Washington over advanced models’ offensive capabilities prompted tighter oversight and, in some cases, restrictions.
OpenAI’s latest cybersecurity push
On Monday, OpenAI announced several updates aimed at security teams, public-sector partners and open-source maintainers. The company said it has improved GPT-5.5-Cyber, a specialized version of its model family that remains limited to trusted users rather than being released broadly. It also said it is expanding international work with governments and institutions through a “Trusted Access for Cyber” program, which is intended to give selected partners access to OpenAI’s newest cyber-focused tools.
Another announcement involved Codex Security, OpenAI’s security scanner, which is now available as an app plugin. That change is meant to make the tool easier to deploy in real-world development environments, where security teams increasingly need automated assistance to review code, surface vulnerabilities and support remediation.
Together, the updates reflect a strategic shift: OpenAI is not simply demonstrating that its models can write code or answer questions. It is also trying to position them as practical security instruments for governments, enterprises and software communities facing a surge in AI-assisted bug discovery.
Why open source is becoming a new AI security battleground
The launch of Patch the Planet is a response to a specific strain on open-source development. Maintainers of widely used software projects often work with limited staff, modest budgets and a backlog of issues that can already be difficult to manage. In recent months, that burden has grown as AI tools have made it easier to generate vulnerability reports at scale—many of them low quality, repetitive or irrelevant.
The result, according to the companies behind the effort, is a flood of noise that can bury real problems. Maintainers can spend hours sorting through suspicious reports that may not amount to genuine security threats, leaving less time for actual fixes and defensive upgrades.
OpenAI cyber tech lead Fouad Matin framed the problem as one of overloaded volunteers doing critical infrastructure work while also being asked to process a growing volume of machine-generated reports. The company’s answer, he said, is to reduce the operational burden so maintainers can focus on finding and fixing the most important weaknesses.
OpenAI argues that the goal is not only to help identify bugs, but to make it easier to validate, patch and merge fixes at scale while reducing the time and labor required from maintainers.
What Patch the Planet is designed to do
Patch the Planet is built around a straightforward premise: if AI is going to accelerate vulnerability discovery, then open-source projects need faster, more sustainable ways to respond. Rather than offering generic advice, the program provides project-specific support tailored to the needs of each codebase.
That support can include codebase assessments, help validating suspected bugs, development of patches, improved testing systems, custom fuzzers and cleaner technical workflows. In some cases, the program may help maintainers build security processes they can continue using long after the initial engagement ends.
Trail of Bits CEO and cofounder Dan Guido said the aim is to help open-source software get ahead of automated bug-hunting tools while also demonstrating that AI coding systems can be useful rather than merely disruptive: the effort is meant to help open source keep pace with AI bug hunters and to show that AI-assisted development can bring benefits as well as risks.
Guido also emphasized that the initiative is not intended to apply one universal solution across every project. Instead, his team works directly with each maintainer to identify the most urgent need, whether that is stronger testing infrastructure, custom analysis tools or cleanup work that improves the speed of future patching.
How the program is being staffed
The early launch phase of Patch the Planet has already been unusually resource-intensive. More than 30 open-source projects are participating, with more expected to join. Trail of Bits recently ran a five-day opening sprint in which 25 engineers—roughly one-fifth of its workforce—worked simultaneously on the effort.
That level of staffing points to the scale of the problem OpenAI and Trail of Bits are trying to address. Security work at this level is often slow, manual and highly contextual. Each codebase has its own architecture, dependencies and patterns of failure, meaning generic automation is rarely enough.
OpenAI and Trail of Bits said the first week of work has already uncovered hundreds of bugs and produced dozens of patches. The companies described the results as an early sign that a targeted, hybrid approach—combining AI systems with human security experts—can move fast enough to matter.
What participating maintainers get
Beyond direct technical support, Patch the Planet includes a package of tools and resources that participants can use after the initial engagement ends. The program provides:
- Six months of free ChatGPT Pro
- Six months of Codex Security access
- Infrastructure and workflow improvements
- Support for keeping AI tools integrated into future development
The intent is to leave open-source maintainers with lasting improvements, not just a burst of short-term remediation. OpenAI says it wants projects to come away with more sustainable systems that can help them continue reviewing code and patching vulnerabilities without needing permanent outside intervention.
The scale problem: AI finds bugs faster than people can review them
The cybersecurity community has spent years warning that software supply chains are only as strong as their weakest maintained component. Open-source software now sits at the heart of much of the internet’s infrastructure, from small libraries embedded in commercial products to foundational systems used by governments and large enterprises.
That reality makes the maintainers of those projects disproportionately important—and disproportionately vulnerable to overload. Many are volunteers or lightly funded contributors who are already struggling to keep up with issues, pull requests and patches.
AI has sharpened that problem in two ways. First, it can identify real flaws faster than many human review teams. Second, it can generate large volumes of plausible but unhelpful reports, creating a screening burden that can slow response times rather than improve them.
In that environment, the bottleneck is no longer just finding a bug. It is deciding what matters, validating it, fixing it and getting the patch merged before the next issue arrives.
OpenAI vs. Anthropic in the cybersecurity race
Monday’s announcements also landed in the middle of an increasingly visible contest between OpenAI and Anthropic. The two companies have been building and refining cybersecurity-oriented models, and each now appears eager to define the standards for what “safe” and “useful” AI in security should look like.
OpenAI highlighted benchmark results for GPT-5.5-Cyber, saying the latest checkpoint reached 85.6 percent on CyberGym, a benchmark that scores models on reproducing real vulnerabilities drawn from open-source projects. That figure was presented as an improvement over a prior version of the model and as a performance edge over Anthropic’s Mythos 5, which OpenAI said scored 83.8 percent.
Anthropic, meanwhile, has faced its own scrutiny. Earlier this month, its new Fable 5 and Mythos 5 models were pulled from the market amid concern from the Trump administration about how capable frontier systems could become in offensive cyber contexts. Those tensions intensified after Anthropic publicly released a version of Fable 5 with restrictions on advanced biological and cybersecurity functions, measures the administration reportedly considered insufficient.
OpenAI’s latest cyber model remains under a limited-access program rather than being made public. That distinction matters: the company is trying to show capability and control at the same time, offering advanced tools only to selected partners while retaining tight oversight of deployment.
Why benchmark scores matter less than deployment rules
Benchmarks such as CyberGym can help compare systems, but the real stakes are operational. A model that scores well in a controlled test may still raise serious risks if it is accessible too broadly or if its safety guardrails are weak, and a high score on a capability benchmark says nothing about the false-positive rate or patch quality a maintainer would see when the same model is pointed at a live issue queue.
That is why the current race is not just about raw performance. It is about governance, access control, monitoring and acceptable-use policy. The companies building these models are now competing on whether they can give defenders useful tools without empowering attackers at the same time.
Government pressure is rising too
OpenAI’s announcements also arrived the same day that the Five Eyes intelligence alliance issued a rare joint warning about frontier AI and cybersecurity. The group said these systems are expected to surpass current industry assumptions and that both offensive and defensive cyber capabilities could change within months, not years.
The message from the alliance reflects a broader policy mood shift. Governments are increasingly treating advanced AI as a national security issue, particularly when it comes to malware development, vulnerability exploitation, automated phishing and the scaling of cyber operations.
For companies like OpenAI, that means any cybersecurity product strategy now sits inside a geopolitical frame. A model that can help organizations patch software can also attract concern if it appears capable of helping adversaries discover and weaponize flaws faster than defenders can respond.
The Five Eyes warning underscored a growing belief among intelligence agencies that frontier AI is compressing the timeline for cyber risk from years to months.
Subsidized usage and the economics of AI security
OpenAI said it has been subsidizing use of Codex Security for both open-source and private codebases, with internal spending reaching what Matin described as 20 trillion tokens. That figure illustrates how resource-intensive AI-based security work can be, especially when a company is trying to support large-scale scanning and remediation without charging every participant at full commercial rates.
The economics matter because open-source maintainers generally cannot absorb enterprise-level security costs. If AI vendors want their tools to become part of the defensive stack, they may need to offset some of the expense themselves, at least during the early adoption phase.
That appears to be the logic behind Patch the Planet. Rather than treating security consulting as a premium service, OpenAI and Trail of Bits are positioning it as shared infrastructure support for the software ecosystem that underpins much of the digital economy.
What Trail of Bits brings to the effort
Trail of Bits is widely known in security circles for deep technical audits and research-driven defensive work. Its participation gives the initiative credibility among practitioners who may be skeptical of AI marketing claims but receptive to rigorous, hands-on security engineering.
Guido said the first phase of the program was deliberately focused on the most obvious and severe issues. The team’s goal, he explained, was to remove the “low-hanging fruit” first while also building custom agent workflows that maintainers could continue using after the direct engagement ended.
That combination is important. In many security projects, the challenge is not only discovering vulnerabilities but making the remediation process repeatable. If the work stops after a few patches, the project may end up in the same position a few months later. Sustainable tooling is what turns a consulting sprint into a long-term improvement.
What this means for open-source maintainers
For maintainers, the initiative could offer a rare form of practical relief. Instead of chasing every suspicious report, they may get help triaging, reproducing and fixing issues with experts who can also upgrade their security workflow.
That said, the project is unlikely to solve the structural resource problem facing open source on its own. The number of critical packages, libraries and frameworks that need attention is vast, and the supply of experienced security engineers is limited. Patch the Planet may therefore function more as a model than a complete solution.
Still, the approach is notable because it accepts that AI has changed the game. The response is not to pretend automated vulnerability research can be rolled back, but to improve the defenses of the people now dealing with its consequences.
Potential benefits
- Reduced burden from noisy or low-quality vulnerability reports
- Faster identification of high-severity flaws
- Better code hygiene and stronger test coverage
- Practical exposure to AI tools for maintainers
- Improved long-term security resilience
Potential limits
- Only a small share of projects can be handled intensively at once
- Volunteer maintainers still face ongoing workload constraints
- AI-generated reports may continue to outpace human review capacity
- Long-term sustainability depends on whether projects can keep using the tools
A snapshot of the announcement
| Item | Details | Why it matters |
|---|---|---|
| GPT-5.5-Cyber update | Improved checkpoint under OpenAI’s limited trusted-access cyber program | Shows OpenAI is refining high-end security models without public release |
| Codex Security plugin | Security scanner now available as an app plugin | Expands deployment options for development and security teams |
| Patch the Planet | Open-source security initiative with Trail of Bits, HackerOne and Calif | Aims to help maintainers find and patch vulnerabilities faster |
| Participating projects | More than 30 open-source projects at launch | Signals broad interest and immediate demand |
| Early output | Hundreds of bugs found, dozens of patches produced in week one | Suggests AI-assisted security workflows can generate rapid results |
| CyberGym score | GPT-5.5-Cyber at 85.6%, ahead of Anthropic’s Mythos 5 at 83.8% | Highlights competition in model capability claims |
The bigger story: AI security is becoming infrastructure work
For years, AI security debates were often framed around theoretical misuse, abstract alignment concerns or headline-grabbing red-team demonstrations. The conversation is changing. The immediate problem is now much more operational: who will defend the software stack when AI can hunt for flaws faster than many volunteer communities can respond?
OpenAI’s latest move suggests the company sees an opportunity to define itself as part of the answer. By pairing model development with practical support for maintainers, it is trying to show that AI security is not only about building more powerful systems, but about integrating those systems into the messy reality of software maintenance.
That is also where the competition with Anthropic becomes strategically important. The race is not just for benchmark leadership or model prestige. It is for trust among governments, enterprises and developers who want strong defenses without unleashing new attack vectors.
If Patch the Planet succeeds, it could become a template for how AI vendors support the open-source projects that keep digital infrastructure functioning. If it falls short, it will still highlight the scale of the challenge: AI is transforming cyber defense faster than many of the people responsible for maintaining the world’s software can adapt.
For now, the message from OpenAI is clear. It wants to be seen not only as a builder of frontier systems, but as a company trying to harden the software ecosystem against the very tools it helped advance.