
OpenAI GPT-5.5-Cyber Patches cURL, Python, Go in 5 Days


On June 22, OpenAI expanded its Daybreak cybersecurity program with the full release of GPT-5.5-Cyber and the launch of “Patch the Planet” — an initiative that is now actively submitting pull requests to open-source projects you depend on daily. A five-day sprint across 19 projects, including cURL, Python, Go, urllib3, and PyPI, surfaced hundreds of security issues, filed 64 pull requests, and got 37 patches merged. AI is no longer just finding vulnerabilities in your dependencies. It’s fixing them.

That framing matters. The hard part of open-source security has never been finding bugs — it’s been patch velocity. Maintainers of critical projects like cURL and Python handle billions of downloads with teams measured in single digits, and vulnerability reports pile up faster than they can be reviewed. Patch the Planet changes the model: GPT-5.5-Cyber finds and validates, Trail of Bits human experts review, and maintainers receive ready-to-merge pull requests instead of another item in an already-long queue.

Patch the Planet: PRs, Not Reports

The Patch the Planet initiative — co-developed with security firm Trail of Bits and bug bounty platform HackerOne — covered cURL, Go, Python, PyPI, Sigstore, pyca/cryptography, aiohttp, RustCrypto, NATS, Valkey, and freenginx in its first sprint. The numbers from five days: hundreds of bugs discovered, 64 pull requests submitted, 37 patches already merged.

The capabilities on display go well beyond automated static analysis. According to Trail of Bits, GPT-5.5-Cyber stood up a full fuzzing lab in under one day — a process they estimate at 2 to 3 weeks of manual engineering effort. The model also demonstrated variant analysis across cryptographic libraries, identifying related bug classes after finding an initial vulnerability. One concrete result: Mozilla patched a WebAssembly flaw found by GPT-5.5-Cyber two days before Pwn2Own Berlin. Contributions also included CI security scanning integration, supply-chain tooling improvements, and SBOM sidecar generation for Python artifacts — infrastructure hardening, not just bug reports.


GPT-5.5-Cyber Full Release: What the Benchmarks Show

The full GPT-5.5-Cyber release replaces the previous permissive-only preview with a model restricted to verified defenders through OpenAI’s Trusted Access for Cyber program. On OpenAI’s Daybreak benchmarks, it scores 85.6% on CyberGym — which measures whether an AI agent can reproduce known vulnerabilities in test environments — versus 81.8% for standard GPT-5.5. It also outperforms on ExploitGym (39.5% vs. 25.95%) and SEC-bench Pro (69.8% vs. 63.1%). In controlled testing, GPT-5.5-Cyber identified security-relevant components across more than 30 million lines of code and generated 24 local privilege escalation exploit proof-of-concepts, used defensively to validate and then patch vulnerabilities.

The “vetted defenders only” access restriction is deliberate. The same capabilities that make this model useful for finding bugs defensively make it dangerous in adversarial hands. However, that gate only covers the model — not the technique. A capable adversary can build similar capabilities without GPT-5.5-Cyber specifically. The restriction matters for slowing that; it doesn’t make the capability disappear.

Codex Security Scale and the Commercial Partner Program

Codex Security, the scanning engine behind the initiative, has reviewed more than 30 million commits across 30,000+ codebases since its March preview. Over 70,000 findings were manually confirmed as fixed by human reviewers; The Hacker News reports 500,000+ were automatically resolved. The commercial Daybreak Cyber Partner Program — with launch partners Accenture, Cisco, CrowdStrike, IBM, Okta, Palo Alto Networks, and Wiz — extends these capabilities into enterprise security products, not just direct OpenAI API access.

The 70,000 human-confirmed findings are the meaningful figure here. Automated security scanners routinely generate noise at scale; a human review layer that filters the output down to 70,000 confirmed fixes suggests a meaningfully higher signal-to-noise ratio than most automated tools produce.

What Developers Should Know

The most immediate implication: the open-source projects you depend on are receiving AI-generated patches. Some are already merged. This is not cause for alarm — Trail of Bits expert review sits between AI output and maintainer inbox — but it changes how you should think about dependency auditing. Understanding whether a recent patch to cURL or urllib3 came through Patch the Planet is now a reasonable question when reviewing security advisories or dependency update diffs.

The governance question will intensify as the program scales beyond 30 projects. Who is responsible when an AI-generated patch introduces a performance regression in Python’s standard library? The “AI found it, human expert reviewed it, maintainer merged it” chain distributes responsibility in ways the open-source community hasn’t had to formalize before. Patch the Planet is solving a real problem — patch velocity against an overwhelming volume of security reports. Working out the accountability model for AI-assisted patches at scale is the next problem waiting to be solved.

Key Takeaways

  • OpenAI’s Patch the Planet launched June 22 with Trail of Bits and HackerOne, covering 30+ open-source projects including cURL, Python, Go, and urllib3 — 37 patches merged in the first five-day sprint
  • GPT-5.5-Cyber (full release) scores 85.6% on CyberGym vulnerability reproduction benchmarks, up from 81.8% for standard GPT-5.5; access is restricted to vetted security defenders
  • Codex Security has reviewed 30M+ commits across 30,000+ codebases; commercial partners including Cisco, CrowdStrike, IBM, and Palo Alto Networks will embed these capabilities in enterprise products
  • The model shift is reports-to-PRs: instead of vulnerability reports that queue behind hundreds of others, maintainers receive pre-validated, ready-to-merge patches with context
  • AI-generated patches are now entering your open-source dependencies; understanding this is part of responsible dependency auditing going forward
ByteBot