
KeyAudit

Tags: audit-finding · infrastructure · social-engineering

Trail of Bits Patches 19 Open-Source Projects in Week 1 of 'Patch the Planet' Using GPT-5.5-Cyber

In the first week of 'Patch the Planet', a joint initiative with OpenAI's Daybreak program, Trail of Bits paired frontier AI models (GPT-5.5-Cyber) with human engineers to systematically harden critical open-source projects. The week produced 64 pull requests and 51 issues across 19 projects, including cURL, NATS, Python, PyCA, Sigstore, and others. Rather than flooding maintainers with the AI-generated bug reports that typically overwhelm them, Trail of Bits focused on delivering patches, not just findings: 37 PRs have already been merged, adding fuzzing harnesses, CI security scanning, SBOMs, and longer-term hardening. The initiative illustrates a shift in security work: AI makes finding vulnerabilities easier, but triaging, patching, and hardening remain labor-intensive. The team built a fuzzing lab for a major C library in under a day, created a CVE variant-analysis pipeline, and performed differential testing across cryptographic libraries. A dedicated bot, 'Patchy', tracks progress and celebrates merged fixes. Over 30 projects have joined, and more maintainers are invited to apply.
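The paragraph above mentions differential testing across cryptographic libraries without showing what such a harness looks like. The following added example is written for this page; it is not Trail of Bits' pipeline or any project's code. It feeds the same generated inputs to two independent PBKDF2-HMAC-SHA256 implementations (CPython's OpenSSL-backed hashlib.pbkdf2_hmac and a pure-Python one written here from RFC 8018 section 5.2), records any disagreement, and greedily shrinks a disagreeing case. A third implementation with a deliberate off-by-one in its iteration count is constructed to show the harness catching a divergence; all function names and the sample cases are assumptions.

```python
"""Differential test across independent PBKDF2-HMAC-SHA256 implementations.

Added illustration for this page (not Trail of Bits' pipeline). The reference
is CPython's OpenSSL-backed hashlib.pbkdf2_hmac; the second implementation is
pure Python from RFC 8018; the third is a constructed, deliberately buggy one.
"""
import hashlib
import hmac
import random
import struct
from typing import Callable, Dict, List, Tuple

Case = Tuple[bytes, bytes, int, int]          # (password, salt, iterations, dklen)
Impl = Callable[[bytes, bytes, int, int], bytes]


def pbkdf2_reference(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """OpenSSL-backed implementation shipped with CPython (the oracle)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


def pbkdf2_pure_python(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """Independent implementation of RFC 8018 section 5.2 with HMAC-SHA256 as PRF."""
    hlen = hashlib.sha256().digest_size
    blocks = -(-dklen // hlen)                # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 xor ... xor U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha256).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += bytes(t)
    return out[:dklen]


def pbkdf2_off_by_one(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """Constructed buggy variant (hypothetical): runs one iteration too few."""
    return pbkdf2_pure_python(password, salt, max(1, iterations - 1), dklen)


def generate_cases(seed: int, count: int) -> List[Case]:
    """Deterministic pseudo-random cases, including empty inputs and multi-block outputs."""
    rng = random.Random(seed)
    cases = []
    for _ in range(count):
        password = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 40)))
        salt = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 20)))
        iterations = rng.randint(1, 5)        # small counts keep the run fast
        dklen = rng.randint(1, 80)            # crosses the 32-byte block boundary
        cases.append((password, salt, iterations, dklen))
    return cases


def differential_test(impls: Dict[str, Impl], cases: List[Case]) -> List[dict]:
    """Run every case through every implementation; report each case where outputs differ."""
    findings = []
    for password, salt, iterations, dklen in cases:
        outputs = {name: fn(password, salt, iterations, dklen) for name, fn in impls.items()}
        if len(set(outputs.values())) > 1:
            findings.append({
                "case": (password, salt, iterations, dklen),
                "outputs": {name: out.hex() for name, out in outputs.items()},
            })
    return findings


def shrink(impls: Dict[str, Impl], case: Case) -> Case:
    """Greedy shrink: halve inputs and decrement counts while the divergence persists."""
    current = case
    changed = True
    while changed:
        changed = False
        pw, salt, it, dklen = current
        candidates = [
            (pw[: len(pw) // 2], salt, it, dklen),
            (pw, salt[: len(salt) // 2], it, dklen),
            (pw, salt, it - 1, dklen),
            (pw, salt, it, dklen - 1),
        ]
        for cand in candidates:
            if cand == current or cand[2] < 1 or cand[3] < 1:
                continue
            if differential_test(impls, [cand]):
                current, changed = cand, True
                break
    return current


if __name__ == "__main__":
    good = {"ref": pbkdf2_reference, "pure": pbkdf2_pure_python}
    print("divergences among correct impls:", len(differential_test(good, generate_cases(1, 200))))
    with_bug = dict(good, buggy=pbkdf2_off_by_one)
    found = differential_test(with_bug, [(b"pw", b"salt", 2, 32)])
    print("buggy impl detected:", bool(found), "shrunk case:", shrink(with_bug, found[0]["case"]))
```

The oracle here is CPython's own binding, so the harness only tells you that two implementations disagree, not which one is wrong; the known-answer vector from RFC 7914 (password/salt, 1 iteration, 32 bytes) is what pins the reference down. In a real campaign the third implementation would be another library rather than a constructed bug, and the shrink step would hand a maintainer the smallest reproducing input.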

Key facts

  • 64 pull requests and 51 issues filed across 19 projects in the first week.
  • 37 PRs already merged; focus on patches, not just bug reports.
  • Built a fuzzing lab for a major C library in under one day using AI.
  • Added CI security scanning, SBOMs, and correctness fixes to python.org and others.
  • Over 30 projects have joined the initiative so far.
