OpenAI on Monday announced a new initiative designed to help the open source community improve their cybersecurity strategies and avoid bugs.
In “Patch the Planet” (an allusion to the iconic tagline from the 1995 movie “Hackers”, “Hack the Planet”), OpenAI teams up with security firm Trail of Bits to help open source maintainers protect their projects.
OpenAI said Trail of Bits’ security staff works directly with open source maintainers to review potential issues with the code. OpenAI’s security tools, such as Codex Security, are used to assist in this process.
“Many maintainers are already being asked to organize more reports faster, with the same limited time and resources,” OpenAI said Monday. “Patch the Planet is built to reduce that burden, not add to it. Security engineers review findings before reaching out to maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue to improve security even after the initial fix is applied.”
In other words, Trail of Bits engineers function more or less like code EMTs, helping open source project maintainers identify and prioritize potential issues, all supported by OpenAI’s software. This sounds like an ambitious project, but how it will work in the long term or how it plans to scale (if at all) is somewhat unclear.
Open source projects are the digital foundation upon which the commercial software industry is built, but unfortunately, much of that software is insecure because the ecosystem is decentralized and poorly monitored. Bugs in open source projects can be a big problem for commercial codebases. The log4j debacle a few years ago, when a critical vulnerability was discovered in a widely used open source utility, is a case in point.
Much of the concern surrounding tools like Mythos (Anthropic’s widely known security tool) appears to stem from the fact that AI can now automatically identify existing bugs in a codebase and create exploits for those bugs. Automated cybercrime is nothing new, but there is no doubt that these tools can make cybercrime significantly more convenient for criminals.
OpenAI flips this formula on its head by using AI to help open source communities better protect themselves. It’s hard not to read this as a competitive swipe at Anthropic while also recognizing that it’s something the open source community desperately needs.
