OpenAI’s GPT-5.5-Cyber just filed its first 37 pull requests into the open-source projects your applications depend on. In the first week of “Patch the Planet” — a June 22 initiative built with Trail of Bits — AI-assisted researchers worked across 19 projects including cURL, Python, Go, Sigstore, and aiohttp, producing 64 pull requests and 51 filed issues. Some are already merged. Your dependencies are being audited by AI, and the patches are shipping.
What GPT-5.5-Cyber Actually Found
This is not a proof-of-concept demo. The scope of findings from GPT-5.5-Cyber’s first weeks of operation looks more like what a major government contractor might produce after months of work:
- Linux kernel: 8 pointer information-leak proof-of-concepts and 24 local privilege escalation exploits — across 30 million lines of code
- Chrome V8: 5 exploitable vulnerabilities, with three caught and fixed within days of being introduced
- WebKit/Safari: 10+ exploitable vulnerabilities reported
- OpenBSD: A 23-year-old use-after-free bug in System V semaphore handling — exploitable to root
- FreeBSD: 34 confirmed vulnerabilities, 7 local privilege escalation proof-of-concepts
- Mozilla/WebAssembly: CVE-2026-8390, patched two days before Pwn2Own Berlin
A 23-year-old bug exploitable to root is not something a regex-based scanner finds. These results make the case that GPT-5.5-Cyber — which scores 85.6% on the CyberGym benchmark compared to 81.8% for standard GPT-5.5 — is operating at a level that merits serious attention rather than a quick skim of the press release.
Why AI Is Now Writing the Patches, Not Just Finding the Bugs
The backstory matters here. In March 2026, HackerOne paused its internet bug bounty program. The reason: AI-generated vulnerability reports were flooding maintainers, and most were low quality. The bottleneck in open-source security had shifted from discovery to remediation. Maintainers were buried.
Patch the Planet is OpenAI’s response to that exact problem. The workflow deliberately closes the loop: GPT-5.5-Cyber discovers a vulnerability, Trail of Bits engineers validate the finding and develop a patch, then the patch goes to the maintainer for review. The AI is not firing unsolicited pull requests at open-source projects — humans are in the loop at every step before a fix reaches a maintainer.
That distinction is load-bearing. It is why Daniel Stenberg, the author of cURL and one of the most vocal critics of AI-generated bug floods, is participating. His involvement is the strongest signal available that this initiative is structured differently from the noise. Read the full initiative announcement at OpenAI’s Patch the Planet page.
Which Projects Are in Scope
As of launch, 30+ projects have committed to Patch the Planet. Confirmed participants include cURL, Python, Go, Sigstore, aiohttp, NATS Server, pyca/cryptography, freenginx, python.org, and 20+ additional projects.
The public tallies also undercount the actual work — several projects take findings through private disclosure channels (HackerOne, GitHub security advisories), which means the 64 PRs and 37 merges from week one are a floor, not a ceiling.
Developers can nominate their open-source project for participation via the Trail of Bits Patch the Planet portal. If your project is already on the list, patches may be incoming through normal contribution channels — you may not realize the PR you are reviewing came from an AI until you check.
What You Can Run Today
GPT-5.5-Cyber itself is not publicly accessible — it requires verified defender status and Trusted Access for Cyber. But the underlying tooling is available now.
Codex Security — part of the same Daybreak initiative — is available to ChatGPT Pro, Enterprise, Business, and Edu subscribers. It scans entire codebases, sections, or individual commits and surfaces proposed patches for human review; nothing is applied automatically. In its first 30 days, Codex Security scanned 1.2 million commits and flagged 792 critical findings and 10,561 high-severity findings.
To get started: go to chatgpt.com/codex, open Settings, navigate to Environments, and connect your GitHub repository.
The Concern Worth Taking Seriously
The obvious counterargument to all of this is supply chain power. If OpenAI becomes the entity responsible for patching global open-source infrastructure — tools used by billions of systems — that is a significant concentration of influence over software that no single company should control. An AI-generated patch that introduces a secondary vulnerability, intentionally or through hallucination, in a library as widely deployed as cURL or Python’s cryptography package would be catastrophic.
Trail of Bits’ human review layer is a serious answer to that concern. But it is not a complete one, and independent security coverage is right to keep pressure on both the process and the participants. Stenberg’s involvement is reassuring. OpenAI funding, directing, and controlling the scope of this effort is a detail that should not get lost in the headline numbers.
AI is now writing patches that ship into production open-source libraries. That happened eight days ago. The least useful response is to ignore it.