
On Monday, OpenAI announced a new initiative aimed at helping the open source community find and fix security bugs in its projects.
“Patch the Planet” (a clear nod to “Hack the Planet,” the memorable phrase from the 1995 film “Hackers”) will involve OpenAI collaborating with the security firm Trail of Bits to support open source maintainers in securing their projects.
OpenAI indicated that security personnel from Trail of Bits will collaborate directly with open source maintainers to examine possible code vulnerabilities. OpenAI’s security tools — including Codex Security — will be employed to facilitate the process.
“Numerous maintainers are already facing demands to handle more reports, more rapidly, with the same limited time and resources,” OpenAI stated on Monday. “Patch the Planet aims to alleviate that pressure, not add to it: security engineers assess findings before they reach maintainers, collaborate with projects to create patches and tests, and establish reusable workflows that enable teams to continue enhancing security after the initial fixes are implemented.”
In essence, Trail of Bits engineers will act as code EMTs — assisting open source project maintainers in pinpointing and managing potential issues, all backed by OpenAI’s software. It appears to be an ambitious undertaking, and it remains somewhat uncertain how it will operate in the long run, or if there are plans for scaling it up.
Open source projects serve as the digital foundation for the commercial software industry, but because that ecosystem is decentralized and thinly staffed, much of its software receives little dedicated security attention. A vulnerability in a widely used open source component therefore propagates into every commercial codebase that depends on it. The Log4j crisis of late 2021, when a critical remote code execution flaw (Log4Shell) was discovered in a ubiquitous Java logging library, is the standard example.
Much of the unease surrounding tools like Mythos (Anthropic’s well-publicized security tool) stems from the ability of AI to automatically find existing bugs in a codebase and then begin building exploits for them. Automated cybercrime is not new, but such tools lower the effort required of malicious actors.
OpenAI is turning that capability around, using AI to help the open source community defend itself. It is hard not to read the move as a competitive jab at Anthropic, while also recognizing that the open source community genuinely needs the help.

