OpenAI launches Patch the Planet, wants to fix security bugs before Mythos is unleashed

OpenAI has announced Patch the Planet, a new initiative designed to help open-source software projects find and fix security vulnerabilities before they can be exploited. The programme is part of OpenAI's broader Daybreak cybersecurity effort and arrives amid a growing race to use AI for discovering and fixing software vulnerabilities. In particular, the launch is being seen as OpenAI's response to Anthropic, whose Mythos models have drawn attention for their ability to identify software vulnerabilities at scale.

The announcement was made alongside several Daybreak updates, including a more capable GPT-5.5-Cyber model, a new Codex Security plugin and an expanded network of cybersecurity partners.

What is OpenAI's Patch the Planet?

At its core, Patch the Planet aims to solve what OpenAI sees as a growing problem in cybersecurity. While AI is becoming increasingly effective at finding software vulnerabilities, developers often lack the time, resources and expertise needed to investigate and fix every issue.

That surge in AI-powered bug discovery is creating a new challenge for open-source developers. Open-source software powers everything from websites and browsers to cloud services and critical infrastructure, yet many of these projects are maintained by small teams or even volunteers. As AI tools generate an increasing number of vulnerability reports, developers are finding it harder to separate genuine security threats from duplicate reports and false positives.

Patch the Planet is OpenAI's attempt to address that problem. The company has partnered with security research firm Trail of Bits, along with HackerOne and Calif, to provide free security support to open-source projects. The initiative combines AI-powered vulnerability discovery with human security experts who validate findings, develop patches, test fixes and coordinate responsible disclosure, helping maintainers focus on fixing real security issues rather than sorting through a growing backlog of reports.

According to OpenAI, every vulnerability identified through the programme is reviewed by security engineers before being shared with maintainers. This human review process is intended to reduce false alarms and ensure developers spend their time fixing real issues rather than reviewing questionable reports.

OpenAI says the programme has already produced promising results. During an initial five-day sprint, Trail of Bits assigned 25 engineers to work across 19 open-source projects. The effort reportedly uncovered hundreds of security issues and resulted in dozens of patches. Researchers also built AI-assisted testing systems capable of completing work in days that would traditionally take weeks or even months.

OpenAI's response to Anthropic Mythos

The launch also highlights OpenAI's growing rivalry with Anthropic in cybersecurity. Earlier this year, Anthropic's Mythos models attracted attention for their ability to identify large numbers of software vulnerabilities across operating systems, browsers and networking software.

OpenAI argues that discovering bugs is only half the challenge. The bigger task is helping developers validate findings, write fixes and deploy patches before attackers can exploit vulnerabilities. Patch the Planet is designed to address that gap by moving AI-assisted cybersecurity beyond discovery and into remediation.

Alongside the announcement, OpenAI said its latest GPT-5.5-Cyber model achieved an 85.6 per cent score on the CyberGym benchmark, ahead of Anthropic Mythos 5's reported score of 83.8 per cent.

As AI continues to accelerate vulnerability discovery, OpenAI seems to be betting that the next phase of cybersecurity will not be about finding more bugs, but fixing them faster.