OpenAI launches new initiative to help find and patch open source bugs

OpenAI on Monday announced a new initiative designed to help the open source community improve its cybersecurity game and prevent bugs.

“Patch the Planet” (a not-so-subtle allusion to “Hack the Planet”, the iconic catchphrase from the 1995 film Hackers) will see OpenAI work with security firm Trail of Bits to help open source maintainers secure their projects.

OpenAI said Trail of Bits’ security staff will work directly with open source maintainers to review potential code issues, with OpenAI’s own security tools, such as Codex Security, assisting in the process.

“Many maintainers are already being asked to clean up more reports faster, with the same limited time and resources,” OpenAI said Monday. “Patch the Planet was built to reduce the burden, not increase it. Security engineers review results before they are passed on to maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue to improve security even after the first fixes are applied.”

In other words, Trail of Bits engineers act much like code EMTs, helping open source project maintainers identify and triage potential issues, with OpenAI software supporting the work. It sounds like an ambitious project, and it is still unclear how it will operate in the long term or how it plans to expand beyond the initial set of projects.

Open source projects are the digital foundation of the commercial software industry, but the decentralized, under-resourced and often poorly monitored nature of that ecosystem leaves much of its software weakly defended. A bug in a single open source component can become a problem in every commercial codebase that depends on it. A good example is the Log4j incident of December 2021, when Log4Shell (CVE-2021-44228), a remote code execution vulnerability, was discovered in a logging library embedded in a huge number of Java applications.

Much of the concern surrounding tools like Mythos (Anthropic’s widely publicized security model) stems from the fact that AI can now automatically identify existing bugs in a codebase and construct working attacks against them. Automation in cybercrime is nothing new, but these tools clearly have the potential to lower the cost and skill required for malicious actors to do the same.

OpenAI turns that equation on its head by using AI to help open source communities find and fix those same bugs before attackers do. It is hard not to read this as a competitive swipe at Anthropic, but it is also something the open source community badly needs.
