{"data":{"id":"47301aac-5f5d-4c8f-a143-bd8dfc06bada","title":"OpenAI rolls out AI-led push to fix open-source software flaws","summary":"OpenAI launched Patch the Planet, a program that uses AI to find and fix vulnerabilities (security flaws) in widely-used open-source software (code that anyone can access and modify) with help from cybersecurity firm Trail of Bits. The program combines AI-assisted vulnerability research with human review to develop tested fixes and coordinate their disclosure through existing project channels. The initiative has already identified hundreds of security issues and merged dozens of patches across projects like Python, Go, and cURL.","solution":"The source describes the Patch the Planet program itself as the mitigation approach: AI-assisted vulnerability research is used alongside human review by Trail of Bits engineers who filter out false positives and duplicate reports before sending findings to maintainers. Additionally, the source recommends that CISOs implement governance controls before deploying AI-assisted vulnerability research, including what one analyst calls a 'Safety Relevance Layer' that requires every AI-generated finding to pass automated verification with dynamic proof-of-concept validation and strong false-positive filtering before reaching a human analyst, plus predefined escalation paths and notification timelines for disclosed flaws in external dependencies.","labels":["security","industry"],"sourceUrl":"https://www.csoonline.com/article/4188321/openai-rolls-out-ai-led-push-to-fix-open-source-software-flaws.html","publishedAt":"2026-06-23T10:32:40.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","Trail of Bits","HackerOne","Calif"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-23T10:32:40.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":null,"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}