OpenAI announced a new initiative on Monday for the open source community, designed to improve its cybersecurity game and protect against bugs.
“Patch the planet” (a not-so-subtle nod to “Hack the planet,” an iconic phrase from the 1995 film Hackers) will see OpenAI team up with the security company Trail of Bits to help open source owners secure their projects.
OpenAI said security staff from Trail of Bits will work directly with open source providers to review potential code issues. OpenAI’s security tools – such as Codex Security – will be used to assist in the process.
“Many maintainers are required to sort through more reports faster, with the same limited time and resources,” OpenAI said Monday. “Planet Patch is built to reduce this burden, not add to it: security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue to improve security after initial fixes.”
In other words, Trail of Bits engineers will act more or less like code EMTs – there to help open source project owners identify and test for potential issues, all powered by OpenAI software. It sounds like an ambitious project, and it’s somewhat unclear how it will perform in the long term or how it plans to scale (if at all).
Open source projects are the digital foundation on which the commercial software industry rests, but unfortunately, due to the decentralized and poorly monitored structure of this ecosystem, much of the software is unreliable. Bugs in open source projects can become big problems for commercial codebases. The Log4j disaster a few years ago – when a nasty vulnerability was discovered in a widely used piece of open source software – is a good example.
Much of the concern with tools like Mythos (Anthropic’s highly touted security tool) stems from the fact that AI can automatically identify existing bugs in codebases and begin creating exploits for them. While the automation of cybercrime is not new, these tools certainly have the potential to make it significantly more convenient for bad actors.
OpenAI applies the same formula defensively, using artificial intelligence to help the open source community better protect itself. It’s hard not to read this as a competitive swipe at Anthropic, while acknowledging that it’s something the open source community desperately needs.