Verified · Jun 23, 2026

OpenAI is patching open source with AI and Trail of Bits

OpenAI, Trail of Bits, HackerOne, and Calif are pairing GPT-5.5-Cyber and Codex Security with human reviewers to find, validate, and patch vulnerabilities in critical open-source projects from cURL to the Linux kernel.

Why now

The June 22, 2026 post shares concrete numbers from the first sprint, including 19 projects, hundreds of findings, and dozens of merged patches.

Why it is worth publishing

It is a real, demonstrable example of AI defending open source, one that security-focused creators can present together with a maintainer rather than with a frontier model alone.

Evidence basis

Open-source supply chain security is a top audience concern, and a named partner list makes the topic citable and visual.

OpenAI and Trail of Bits patched dozens of real open-source bugs together.

Angle

Translate one concrete number into a single clear takeaway.

Format

Carousel

Demo idea

Show a before/after of a real patch from one of the 19 projects with a one-line credit to the maintainer.

Platform notes

Always credit the maintainer and the security engineer, not just the model. Avoid implying the model patches anything on its own; every finding is reviewed before it reaches a maintainer. Quote the official post so the maintainer credit is not editorially invented.

Usable claims

  • OpenAI's Patch the Planet program, run with Trail of Bits, reports that GPT-5.5-Cyber and Codex Security helped identify hundreds of issues and merge dozens of patches across 19 open-source projects in its first sprint.

Evidence pipeline

Breakdown

This breakdown explains the maintainer-first workflow behind OpenAI's Patch the Planet program, why every finding is reviewed by Trail of Bits before reaching a maintainer, and what creators should credit when they tell the story.

Risks

  • Pair every Patch the Planet story with a maintainer or Trail of Bits credit, and explain that security engineers manually review every finding.

Demo ideas

  • Walk through a real disclosed CVE from the first sprint
  • Show the Trail of Bits fuzzing lab workflow in under a minute