\n<\/p>\n
OpenAI announced a new initiative<\/a> on Monday designed to help the open source community improve its cybersecurity game and ward off bugs.<\/p>\n \u201cPatch the Planet,\u201d (which is a not-so-subtle allusion to \u201cHack the Planet<\/a>,\u201d the iconic catch phrase from the 1995 movie Hackers<\/em>) will see OpenAI team up with the security company Trail of Bits<\/a>\u00a0to help open source maintainers secure their projects. <\/p>\n OpenAI said security staff from Trail of Bits will work directly with open source maintainers to review potential code issues. OpenAI\u2019s security tools \u2014 like Codex Security \u2014 will be used to assist in the process.<\/p>\n \u201cMany maintainers are already being asked to sort through more reports, more quickly, with the same limited time and resources,\u201d OpenAI said Monday. \u201cPatch the Planet is built to reduce that burden, not add to it: security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue improving security after the first fixes land.\u201d <\/p>\n In other words, Trail of Bits engineers will function more or less like code EMTs \u2014 there to help open source project maintainers identify and triage potential issues, all supported by OpenAI\u2019s software. It sounds like an ambitious project, and it\u2019s somewhat unclear how it will function in the long term, or how it plans to scale up (if at all).<\/p>\n Open source projects are the digital bedrock upon which the commercial software industry rests, but, unfortunately, due to the decentralized and poorly monitored structure of that ecosystem, much of the software is insecure. Bugs in open-source projects can turn into major problems for commercial codebases. The log4j debacle<\/a> from several years ago \u2014 when a bad vulnerability was discovered in a widely used open source utility \u2014 is a good example.<\/p>\n Much of the concern surrounding tools like Mythos (Anthropic\u2019s highly publicized security tool) seems to stem from the fact that AI can now automatically identify existing bugs within codebases and set about creating exploits for them. While the automation of cybercrime<\/a> is not new, these tools undoubtedly have the potential to make it significantly more convenient for bad actors.<\/p>\n OpenAI is turning that formula on its head by using AI to help the open source community better protect itself. It\u2019s hard not to read it as a competitive swipe at Anthropic, while also recognizing that it\u2019s something the open source community desperately needs.<\/p>\n<\/div>\n When you purchase through links in our articles, we may earn a small commission<\/a>. This doesn\u2019t affect our editorial independence.<\/em><\/p>\n