OpenAI announced a new initiative on Monday designed to help the open source community improve its cybersecurity and ward off bugs.
“Patch the Planet” (a not-so-subtle allusion to “Hack the Planet,” the iconic catchphrase from the 1995 film “Hackers”) will see OpenAI team up with the security company Trail of Bits to help open source maintainers secure their projects.
OpenAI said security staff from Trail of Bits will work directly with open source maintainers to review potential code issues. OpenAI’s security tools, like Codex Security, will be used to assist in the process.
“Many maintainers are already being requested to sort through more reports, faster, with the same restrained time and resources,” OpenAI stated Monday. “Patch the Planet is built to reduce that burden, not add to it: security engineers review findings before they attain maintainers, work with projects to broaden patches and tests, and build reusable workflows that help teams keep enhancing security after the first fixes land.”
In other words, Trail of Bits engineers will function more or less like code EMTs, there to help open source project maintainers detect and triage potential issues, all supported by OpenAI’s software. It sounds like an ambitious venture, and it’s really unclear how it will function in the long term or how it plans to scale up (if at all).
Open source projects are the digital bedrock upon which the commercial software industry is built, but, unfortunately, because of the decentralized and poorly monitored nature of that ecosystem, a lot of the software is insecure. Bugs in open source projects can turn into major problems for commercial codebases. The Log4j debacle from several years ago, when a bad vulnerability was discovered in a widely used open source utility, is a good example.
Much of the concern surrounding tools like Mythos (Anthropic’s highly publicized security tool) appears to stem from the fact that AI can now automatically detect existing bugs within codebases and set about developing exploits for them. While the automation of cybercrime is not new, these tools undoubtedly have the ability to make it considerably easier for bad actors.
OpenAI is turning that formula on its head by using AI to help the open source community better protect itself. It’s hard not to read it as a competitive swipe at Anthropic, while also recognizing that it’s something the open source community desperately needs.











