OpenAI announced a new initiative on Monday designed to help the open source community improve its cybersecurity game and fend off bugs.
“Patch the Planet” (a not-so-subtle allusion to “Hack the Planet,” the enduring catchphrase from the 1995 film “Hackers”) will see OpenAI team up with the security firm Trail of Bits to help open source maintainers secure their projects.
OpenAI said security staff from Trail of Bits will work directly with open source maintainers to review potential code issues. OpenAI’s security tools — like Codex Safety — will be used to assist in the process.
“Many maintainers are already being asked to sort through more reports, more quickly, with the same limited time and resources,” OpenAI said Monday. “Patch the Planet is built to reduce that burden, not add to it: security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue improving security after the first fixes land.”
In other words, Trail of Bits engineers will function more or less like code EMTs — there to help open source project maintainers identify and triage potential issues, all supported by OpenAI’s software. It sounds like an ambitious project, and it’s somewhat unclear how it will function in the long term, or how it plans to scale up (if at all).
Open source projects are the digital bedrock upon which the commercial software industry rests, but, unfortunately, due to the decentralized and poorly monitored structure of that ecosystem, much of the software is insecure. Bugs in open source projects can turn into major problems for commercial codebases. The log4j debacle from several years ago — when a bad vulnerability was discovered in a widely used open source utility — is a good example.
Much of the concern surrounding tools like Mythos (Anthropic’s highly publicized security tool) seems to stem from the fact that AI can now automatically identify existing bugs within codebases and set about creating exploits for them. While the automation of cybercrime isn’t new, these tools undoubtedly have the potential to make it significantly more convenient for bad actors.
OpenAI is turning that formula on its head by using AI to help the open source community better defend itself. It’s hard not to read it as a competitive swipe at Anthropic, while also recognizing that it’s something the open source community desperately needs.
