OpenAI launches new initiative to help find and patch open-source bugs
What happened
OpenAI announced a partnership with Trail of Bits to launch Patch the Planet, an initiative using Codex Security agents to find and fix vulnerabilities in open-source projects.
Context and impact
The program responds to growing software supply-chain risk following several incidents in 2025-2026. For maintainers, it means auto-generated pull requests carrying patches; for OpenAI, a distribution channel for Codex Security. For the defensive community it raises the bar: once AI agents find CVEs faster than attackers do, the dynamics of the vulnerability market shift.
Details
- Partner: Trail of Bits (well-known security/audit firm)
- Tool: Codex Security agents (autonomous scanning + patch generation)
- Target: open-source maintainers
- OpenAI is also assembling a broader enterprise security product suite
- Follows Google's Big Sleep agent program, which has already surfaced real CVEs
Source: TechCrunch