Who is participating in Patch the Planet?

Initial participants confirmed for the launch include cURL (web data transfer library used everywhere), Go (Google's programming language), Python (CPython itself), Sigstore (artifact signing for supply chain security), and pyca/cryptography (Python cryptographic primitives). OpenAI says more than 30 open-source projects have committed total. Trail of Bits is the primary security partner running the automations; HackerOne handles vulnerability disclosure and coordination with maintainers. Expect more projects to be added as the program scales — the architecture is designed for fan-out.

Is Patch the Planet a copy of Anthropic's Glasswing?

Strategically, yes — and OpenAI is not subtle about it. Anthropic's Project Glasswing established the playbook: fix real vulnerabilities in critical OSS and infrastructure, build trust with government, become 'too important to shut down.' Glasswing famously survived the Fable 5 US suspension because of that protected status. Patch the Planet is OpenAI's lift-and-shift implementation: same partner-driven structure, same OSS targeting, same political-economic logic. The differences are personnel (Trail of Bits + HackerOne instead of Glasswing's 50+ partners) and product surface (Codex Security IDE plugin instead of Claude Code defensive workflows). Same play, different brand.

How can my open-source project join Patch the Planet?

Through HackerOne, which is the disclosure coordination partner. The realistic path is: (1) Have a project of sufficient strategic importance that Trail of Bits or OpenAI reach out — the initial cohort is curated, not open application. (2) Smaller projects can adopt the reusable testing workflows OpenAI is publishing (fuzzing harnesses, variant analysis configs, differential testing setups) without formally being in the program. (3) Maintainers who want priority should make sure their projects are signed up on HackerOne and have a working security disclosure process — that's the minimum table-stakes integration. Expect application-based expansion later in 2026.

Quick Answer

What is Patch the Planet? OpenAI + Trail of Bits Initiative (Jun 23, 2026)

Q: What is Patch the Planet?

Patch the Planet is an open-source security initiative launched by OpenAI on June 23, 2026 in partnership with Trail of Bits and HackerOne. It uses GPT-5.5-Cyber and Codex /goal automations to systematically find, validate, and patch security vulnerabilities in critical open-source software. More than 30 projects have committed to participate, with initial participants including cURL, Go, Python, Sigstore, and pyca/cryptography. The initial five-day sprint surfaced hundreds of issues, merged dozens of patches, and produced reusable testing workflows (fuzzing, variant analysis, differential testing) that other projects can adopt.

Published: June 23, 2026

What is Patch the Planet? OpenAI’s Open-Source Security Initiative

Patch the Planet is OpenAI’s open-source security program, launched June 23, 2026 alongside the full release of GPT-5.5-Cyber and the Codex Security IDE plugin. It is a direct strategic mirror of Anthropic’s Project Glasswing. Here’s what it does, what shipped, and why it matters.

Last verified: June 23, 2026.

The one-paragraph answer

Patch the Planet uses OpenAI’s restricted-access cybersecurity model (GPT-5.5-Cyber) plus Codex agent automations to systematically scan, validate, and patch vulnerabilities in critical open-source software. The work is coordinated with Trail of Bits (security partner) and HackerOne (disclosure partner). The first five-day sprint surfaced hundreds of issues across 30+ projects, merged dozens of patches, and produced reusable testing workflows other projects can adopt. The political-economic point of the program — not hidden in OpenAI’s framing — is to make the Daybreak platform “too important to shut down” in the same way Glasswing protected Anthropic during Fable 5 suspension.

What launched today

Component	What it is
GPT-5.5-Cyber (full)	Cybersecurity-tuned model, 85.6% on CyberGym (vs 81.8% standard GPT-5.5), restricted to verified defenders
Codex Security plugin	IDE plugin embedding vulnerability scanning into the developer workflow
Patch the Planet	Operational program running Codex /goal sweeps on critical OSS, partnered with Trail of Bits + HackerOne

The three pieces together are OpenAI’s complete cybersecurity stack response to Anthropic Glasswing.

What the first sprint actually produced

OpenAI ran a five-day sprint across multiple participating projects in the lead-up to launch. Reported outcomes:

Hundreds of security issues surfaced across the cohort
Dozens of patches merged into upstream projects
Reusable testing workflows published, including fuzzing, variant analysis, and differential testing harnesses
Trail of Bits Linux kernel demo: GPT-5.5-Cyber identified security-relevant components across 30M+ lines of code, validated issues dynamically, generated 8 kernel pointer information leak proof-of-concepts and 24 local privilege escalation exploits

The Linux kernel result is the headline capability demo. It would normally take a top-tier security team weeks to produce — and the model produced it in a single Codex /goal sweep with human review.

The initial cohort

Five projects publicly confirmed for the first wave:

cURL — Daniel Stenberg’s data transfer library, embedded in essentially every connected device
Go — Google’s programming language and standard library
Python (CPython) — language runtime
Sigstore — artifact signing for supply chain security
pyca/cryptography — Python cryptographic primitives

OpenAI says 30+ total projects have committed. Trail of Bits and HackerOne handle operational coordination.

Why critical OSS, not enterprise?

Because OSS fixes are the highest-leverage way to demonstrate civic value. Critical OSS underlies the entire enterprise stack — every fix in cURL ripples to billions of devices, every fix in CPython ripples to nearly every cloud workload. Fixing OSS:

Generates measurable, audit-friendly outcomes (CVEs filed, patches merged)
Builds trust with government and standards bodies
Creates a political case for keeping the underlying model accessible during future restrictive policy actions

This is exactly what Glasswing achieved for Anthropic. It is exactly what Patch the Planet is designed to achieve for OpenAI.

How it differs from Glasswing

Dimension	Patch the Planet	Project Glasswing
Lab	OpenAI	Anthropic
Model	GPT-5.5-Cyber (full)	Mythos / Glasswing-tuned variants
Operational partners	Trail of Bits, HackerOne	50+ partners across infra, OSS, government
IDE surface	Codex Security plugin (new today)	Claude Code defensive workflows
EU posture	Daybreak platform — no formal EU anchor yet	ENISA cooperation announced June 18, 2026
Proof point	First Linux kernel demo, June 23, 2026	Survived Fable 5 US suspension

Glasswing has more partner depth and an EU government anchor. Patch the Planet has a more developer-embedded surface via Codex Security.

What this means for OSS maintainers

If you maintain a critical open-source project, three practical implications:

You may be approached. Trail of Bits and HackerOne will be coordinating expansion of the cohort. If your project is widely deployed in critical infrastructure, expect outreach.
You can adopt the workflows without joining. The fuzzing harnesses, variant analysis configs, and differential testing setups OpenAI is publishing are usable independently. The model access is restricted; the testing playbooks are public.
HackerOne disclosure hygiene matters more. With AI-driven scans being run by labs, disclosure quality becomes the bottleneck. Make sure your project’s security policy and HackerOne (or equivalent) integration are clean.

The unspoken third question

The third question every OSS maintainer should ask: what happens when the same model that finds bugs for OpenAI’s authorized defenders gets stolen, leaked, or replicated? GPT-5.5-Cyber’s offensive capability is real — 24 local privilege escalations from a single Codex sweep on the Linux kernel is not a defensive-only capability. Trusted Access for Cyber is the human-review wrapper that keeps that asymmetry on the right side. If that wrapper fails, the same engine becomes a vulnerability-discovery weapon. The political case for restricted access is that this asymmetry is too dangerous to commoditize — and the OSS contribution program is the credibility that buys the restricted access.

Sources

OpenAI Daybreak / Patch the Planet launch coverage, June 23, 2026
AIToolsRecap, “AI News June 23 2026,” for sprint outcome reporting
Trail of Bits Linux kernel demo write-ups
CyberGym benchmark leaderboards (llm-stats.com, benchlm.ai)

Verified June 23, 2026.