Briefing

Patch the Planet Initiative Launches AI‑Assisted Security Research and Patching for Open‑Source Maintainers

security
OpenAI CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-5172 CVE-2026-8390

What to do now

Integrate Patch the Planet AI‑assisted workflows into your open‑source projects to automate vulnerability triage, patch development, and disclosure.

Summary

Patch the Planet, a Daybreak initiative launched on June 22, 2026, partners with Trail of Bits to give open‑source maintainers AI‑assisted security research and patching. The program pairs frontier models such as GPT‑5.5‑Cyber and Codex Security with expert human review to validate findings, develop patches, and coordinate disclosure, thereby reducing the backlog that maintainers face. Trail of Bits has committed its entire security research organization and is already working with 19 projects—including cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, Go, freenginx, Python, and python.org—to identify hundreds of vulnerabilities and merge dozens of patches. The initiative has produced reusable workflows such as a fuzzing lab built in less than a day, a variant‑search pipeline that ingests historical CVEs, and differential testing harnesses that compare multiple protocol implementations. In early results, GPT‑5.5‑Cyber uncovered 8 kernel pointer leaks and 24 local privilege escalations in the Linux kernel, a 23‑year‑old use‑after‑free in OpenBSD, 34 vulnerabilities with 7 LPE PoCs in FreeBSD, and four dnsmasq CVEs that were later fixed in version 2.92rel2. The program also identified an HTTP/2 “Bomb” denial‑of‑service affecting over 880,000 sites and five exploitable V8 JavaScript engine bugs in Chrome. By integrating these AI‑driven workflows, maintainers can accelerate triage, patch development, and disclosure while keeping control over release decisions.

Key changes

  • Patch the Planet pairs GPT‑5.5‑Cyber and Codex Security with human review to validate findings, develop patches, and coordinate disclosure
  • Trail of Bits committed its entire security research org and works with 19 projects, including cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, Go, freenginx, Python, python.org
  • Created reusable workflows: fuzzing lab built in <1 day, variant‑search pipeline from historical CVEs, differential testing harnesses
  • Early results: 8 Linux kernel pointer leaks, 24 LPEs, 23‑year‑old OpenBSD use‑after‑free, 34 FreeBSD vulnerabilities with 7 LPE PoCs, 4 dnsmasq CVEs fixed in 2.92rel2
  • Identified HTTP/2 “Bomb” affecting 880,000+ sites and five exploitable V8 bugs in Chrome
  • Maintainers receive ChatGPT Pro, conditional Codex Security access, and API credits for core open‑source development

Affects

enterprise internal