OpenAI's "Patch the Planet": AI Secures Open-Source Software

OpenAI has launched a new program called "Patch the Planet" to fix vulnerabilities in widely used open-source software. This initiative pairs automated analysis with expert review to find and fix flaws. OpenAI is working with cybersecurity firm Trail of Bits on this project. They use AI-assisted vulnerability research and human review to create tested fixes. Initial participants include Python, Go, and cURL, among others. These projects are crucial for software development and networking. The program starts by consulting with maintainers to identify security needs. Researchers then investigate vulnerabilities, develop patches, and coordinate disclosure. Trail of Bits engineers review findings to filter out false positives before sending them to maintainers. OpenAI is also collaborating with HackerOne and Calif for vulnerability triage and disclosure. The company reports that this work has already identified hundreds of security issues and merged dozens of patches. They have also produced new tools for fuzzing and historical CVE analysis. This effort addresses the growing risks enterprises face from flaws in their software supply chains, as seen in incidents like Log4Shell. This program could significantly speed up the process of finding and fixing critical software vulnerabilities.