Source: byteiota.com · topic: ai-safety

OpenAI Patch the Planet: GPT-5.5-Cyber Fixes Open Source at Scale

OpenAI launched Patch the Planet, a cybersecurity initiative that uses its GPT-5.5-Cyber model to find and fix vulnerabilities in open source software. In its first week, Trail of Bits filed 64 pull requests and discovered 24 Linux kernel privilege escalation exploits, a 23-year-old root-access bug in OpenBSD, and multiple Firefox vulnerabilities, the last of which led five of six Pwn2Own Firefox entries to withdraw. The program aims to close the full security loop from discovery to patching, targeting foundational projects such as Linux, OpenBSD, and Firefox.

Published Jun 27, 2026 · 4 min read

OpenAI let GPT-5.5-Cyber loose on the open source software stack last week. In the first seven days, Trail of Bits — using OpenAI’s models — filed 64 pull requests, found 24 Linux kernel privilege escalation exploits, surfaced a 23-year-old root-access bug in OpenBSD, and uncovered enough Firefox vulnerabilities that five of six Pwn2Own entries withdrew before the competition even started. The initiative is called Patch the Planet. Here’s what it does, and what it means for the software you build on.

Not Just Bug Finding — The Full Loop

Most AI security tools stop at discovery. Patch the Planet closes the entire loop: discovery, validation, severity review, coordinated disclosure, patch development, testing, and deployment. Trail of Bits security engineers review every finding before it reaches a maintainer. That detail matters more than it sounds. Noise is the reason most AI-generated security findings get ignored — too many false positives, too little context. Patch the Planet bets that human expert review at the front end makes the downstream fixes stick.

The initiative is part of OpenAI’s Daybreak cybersecurity program, which also includes Codex Security (an agentic scanning harness) and GPT-5.5-Cyber (the model doing the heavy lifting). Trail of Bits committed its entire security research organization to the effort. These are not interns with a chatbot.

What GPT-5.5-Cyber Actually Found

The first-week numbers across 19 open source projects are difficult to dismiss:

- Linux kernel: 8 kernel pointer information leak PoCs and 24 local privilege escalation exploits, from 30+ million lines of code analyzed
- OpenBSD: a use-after-free in the System V semaphore code that had been sitting there for 23 years; any local user could get root
- FreeBSD: 34 vulnerabilities
- Chrome V8: 5 exploitable vulnerabilities, 3 of them identified and patched within days of being introduced
- Safari/WebKit: 10+ exploitable vulnerabilities discovered in roughly one week of focused work
- Firefox: CVE-2026-8390, a WebAssembly use-after-free, found and patched two days before Pwn2Own Berlin; five of six competing Firefox teams withdrew

That last one is worth sitting with. Teams showed up to Pwn2Own with working Firefox exploits, and five of six had to withdraw because Mozilla had already shipped a fix for a bug an AI model found first. That is a real shift in how security disclosure works.

The Software You Already Use Is on the List

The 19 initial projects aren’t obscure research code. They include cURL, Go, Python, pyca/cryptography, Sigstore, aiohttp, urllib3, PyPI, NATS Server, Valkey, RustCrypto, and freenginx. These are foundational dependencies in virtually every production stack running today. More than 30 projects have committed to participate as the initiative expands.

If you have a requirements.txt, a go.mod, or anything that links against libcurl, you have a stake in this. The good news: the vulnerabilities being found are also being patched, not just disclosed and left to languish in a CVE database.
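The check a developer would actually run on that stake, as an added example that is not from the article or from any project it names: pull the pinned versions out of a requirements.txt and a go.mod, then test each pin against advisory records using OSV-style introduced/fixed ranges. The two manifests and the advisory entries (the EXAMPLE-2026-* ids and their version ranges) are constructed for illustration and are not real advisories for these packages; in practice the same pins would be submitted to an advisory database such as OSV, or you would run pip-audit and govulncheck, which do this end to end.

```python
"""Added example: inventory pinned dependencies from requirements.txt and
go.mod, then match them against OSV-style introduced/fixed version ranges.
The manifests and the advisory records below are constructed, not real."""
import re

# Constructed sample manifests (not taken from any real project).
REQUIREMENTS_TXT = """\
# constructed example requirements.txt
-r base.txt
aiohttp[speedups]==3.9.0
urllib3==2.0.5 ; python_version >= "3.8"
cryptography>=41.0   # unpinned: cannot be assessed from the manifest alone
sigstore==3.0.0
"""

GO_MOD = """\
module example.com/svc

require (
\tgithub.com/nats-io/nats-server/v2 v2.10.4
\tgolang.org/x/net v0.17.0 // indirect
)
require github.com/valkey-io/valkey-go v1.0.20
"""

# Constructed advisory records in an OSV-like shape.  The EXAMPLE-* ids and
# the version ranges are hypothetical placeholders, NOT real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-2026-0001", "ecosystem": "PyPI", "package": "urllib3",
     "introduced": "2.0.0", "fixed": "2.0.7"},
    {"id": "EXAMPLE-2026-0002", "ecosystem": "PyPI", "package": "aiohttp",
     "introduced": "0", "fixed": "3.9.2"},
    {"id": "EXAMPLE-2026-0003", "ecosystem": "Go", "package": "golang.org/x/net",
     "introduced": "0", "fixed": "0.17.0"},
]

# name, optional [extras], '==', version (stops at space, ';' marker or '#')
_REQ_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)")
_GO_REQ = re.compile(r"^(\S+)\s+(v[0-9]\S*)")


def parse_requirements(text):
    """Return {normalized_name: version} for '==' pins.  Options (-r, --x),
    comments and unpinned specifiers are skipped; the latter need a lockfile."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ_PIN.match(line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def parse_go_mod(text):
    """Return {module_path: version} from single-line and block requires."""
    mods, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()   # drop '// indirect' etc.
        if not line:
            continue
        if line.startswith("require ("):
            in_block = True
            continue
        if in_block and line == ")":
            in_block = False
            continue
        if line.startswith("require "):
            line = line[len("require "):].strip()
        elif not in_block:
            continue                           # module/go/replace lines
        m = _GO_REQ.match(line)
        if m:
            mods[m.group(1)] = m.group(2)
    return mods


def version_key(v, width=4):
    """Fixed-width numeric tuple so '2.0' == '2.0.0'; a leading 'v' and
    non-numeric suffixes ('3rc1' -> 3) are dropped, enough for range checks."""
    key = []
    for part in v.lstrip("v").split(".")[:width]:
        digits = re.match(r"\d*", part).group(0)
        key.append(int(digits) if digits else 0)
    return tuple(key + [0] * (width - len(key)))


def is_affected(version, introduced, fixed=None):
    """OSV range semantics: affected iff introduced <= version < fixed."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)


def find_affected(pins, ecosystem, advisories=ADVISORIES):
    """Return [(package, version, advisory_id)] for pins inside a range."""
    hits = []
    for adv in advisories:
        version = pins.get(adv["package"]) if adv["ecosystem"] == ecosystem else None
        if version and is_affected(version, adv["introduced"], adv.get("fixed")):
            hits.append((adv["package"], version, adv["id"]))
    return hits


def audit():
    """Run both constructed manifests against the advisory list."""
    return (find_affected(parse_requirements(REQUIREMENTS_TXT), "PyPI")
            + find_affected(parse_go_mod(GO_MOD), "Go"))
```

Two details carry the weight here: the fixed-width version key, so that "2.0" and "2.0.0" compare equal instead of "2.0" sorting below its own introduced version, and the half-open range, so that golang.org/x/net at exactly the fixed version v0.17.0 is correctly reported as not affected. Unpinned specifiers such as cryptography>=41.0 are skipped on purpose; only a lockfile tells you what actually ships.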

Who Can Access GPT-5.5-Cyber

Not you. Not yet, and possibly not ever in its full form.

GPT-5.5-Cyber is restricted to trusted defenders through OpenAI’s Trusted Access for Cyber program — verified organizations doing approved defensive work: pen testing, red teaming, malware analysis, secure code review. The reduced safety guardrails that make it effective also make it dangerous if handed out broadly. The same model that finds 24 Linux LPE exploits can, in theory, help weaponize them.

Codex Security, the agentic harness powering discovery, is separately available in research preview. It has scanned 30 million commits across 30,000+ codebases since March, with 70,000+ findings verified fixed. Developers and maintainers can run it on their own repositories — it’s the workflow scaffolding, distinct from GPT-5.5-Cyber’s raw capability.

The Dual-Use Question Isn’t Going Away

The same capabilities that speed up fixing also speed up exploiting. OpenAI’s tiered access model is a deliberate attempt to gate the offense while expanding the defense. Whether that gate holds at scale is the real open question.

Anthropic’s Project Glasswing has separately uncovered 10,000+ high and critical vulnerabilities across open source software. The pattern is clear: AI-assisted security research now operates at a scale and speed that human teams alone cannot match. The bet OpenAI is making with Patch the Planet is that getting defensive applications in place first creates enough of a lead to matter.

For developers, the immediate takeaway is straightforward: the open source code you depend on is being audited more aggressively than at any point in its history. Patch faster when CVEs land, because the pipeline producing them just got significantly better.
