HeadlinesBriefing.com

OpenAI and Trail of Bits slash maintainer burden with AI‑powered Patch the Planet

OpenAI Blog

Patch the Planet, an initiative by OpenAI and Trail of Bits, cuts the load on open‑source maintainers. The program pairs AI‑powered vulnerability hunting with human review, then builds patches and reusable workflows. By filtering findings before they reach maintainers, the initiative turns discovery into action without adding extra work for highly valuable contributors and developers.

The program starts with a consultation for each project, after which security engineers map out its needs: validation, patching, CI/CD tweaks, or long-term strategy. Researchers use GPT-5.5-Cyber and Codex Security to scan code, validate issues, draft fixes, and coordinate disclosure. Early partners include cURL, NATS Server, pyca/cryptography, and the Go project, all of which power critical networking and cryptography stacks for enterprise users every day.

Trail of Bits engineers have already spotted hundreds of flaws and merged dozens of patches across nineteen projects, delivering fuzzing labs, variant-search pipelines, and differential-testing suites in days instead of weeks. Each finding passes a manual review before release, trimming false positives that would otherwise flood maintainers. The project demonstrates how AI, combined with human oversight, can accelerate secure code delivery.