OpenAI Launches Patch the Planet Open-Source Security Initiative

What happened

OpenAI on June 22 launched Patch the Planet under its Daybreak cyber program, partnered with Trail of Bits and HackerOne. The system pairs the newly released GPT-5.5-Cyber model with human security reviewers to find and patch vulnerabilities in critical OSS.

Context and impact

First large-scale deployment of a frontier cyber-tuned model into upstream OSS supply-chain hardening — moves AI security from "find" to "fix at scale." Mozilla patched a WebAssembly flaw two days before Pwn2Own Berlin (5 of 6 Firefox entries withdrew). GPT-5.5-Cyber set a new 85.6% benchmark on CyberGym.

Details

• Week 1: 64 PRs, 51 issues, 37 merged patches
• Targets: cURL, Go, Python, Sigstore, pyca/cryptography (19 projects)
• GPT-5.5-Cyber: 85.6% on CyberGym (state-of-the-art)
• Maintainer onboarding via Trail of Bits / HackerOne