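[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"news-aac3e677-7aaa-4a2e-9f5a-d77767ca7e66":3},{"id":4,"title":5,"summary":6,"original_url":7,"source_id":8,"tags":9,"published_at":23,"created_at":24,"modified_at":25,"is_published":26,"publish_type":27,"image_url":28,"view_count":29},"aac3e677-7aaa-4a2e-9f5a-d77767ca7e66","Patch the Planet pushes OpenAI's security AI to the open-source front line: Codex + GPT-5.5-Cyber turn vulnerability patching into an engineering pipeline","OpenAI, together with Trail of Bits, has launched the Patch the Planet program, in which Codex Security and GPT-5.5-Cyber run fuzzing, CVE variant search, and differential testing on core open-source projects such as cURL, Python, and Go, compressing security engineering that used to take weeks to months into days, with humans handling deduplication, false-positive filtering, and severity re-assessment.\n\nOpenAI is moving the claim that models can find vulnerabilities from demo to product grade. Patch the Planet, launched on June 22, is a joint project with Trail of Bits under the Daybreak program: it uses Codex Security plus GPT-5.5-Cyber to turn security engineering for core open-source projects such as cURL, Python, and Go into a pipeline.\n\nThe engineering details carry far more weight than the words AI","https:\u002F\u002Fopenai.com\u002Findex\u002Fpatch-the-planet\u002F","15975962-b5fe-49e5-ae68-687ba6cb7015",[10,14,17,20],{"id":11,"name":12,"slug":12,"description":13,"color":13},"1fcfaaf2-67de-43d3-9e35-5784852fec60","ai-safety",null,{"id":15,"name":16,"slug":16,"description":13,"color":13},"40269b40-7942-4650-9672-ed2e6524d37a","ai-technology",{"id":18,"name":19,"slug":19,"description":13,"color":13},"b9bd9039-fcdb-41a8-b85b-fc1587def2b9","open-source",{"id":21,"name":22,"slug":22,"description":13,"color":13},"42e59a88-7795-47dc-a334-ef1e72c24347","openai","2026-06-22T14:00:00Z","2026-06-28T00:10:33.186460Z","2026-06-28T00:10:33.186468Z",true,"agent","finds vulnerabilities. Trail of Bits engineers had Codex run \u002Fgoal repeatedly and, together with GPT-5.5-Cyber, stood up a complete fuzzing lab within a day; building it purely by hand would take at least several weeks. They also fed historical CVEs to the model, which automatically extracted vulnerability patterns and then searched the target codebase for variants, forming a reusable search pipeline. For differential testing, Codex generated glue code to plug multiple protocol implementations into a common test framework, compressing weeks to months of work into days.\n\nMore noteworthy is the process itself. Every finding is first manually reviewed by a security engineer, a patch is produced according to the project maintainers' preferences, and it goes through the original project's coordinated disclosure channel. The model produces a large number of candidates, but Patch the Planet makes deduplication, false-positive filtering, and severity re-assessment a separate human step, rather than letting the AI tell maintainers directly that something is a vulnerability.\n\nIn a broader context, this is a signal that OpenAI is extending Codex from internal code writing to security research assistant. Codex already consumes 99.8% of output tokens internally, and Patch the Planet amounts to spilling long-horizon, supervisable, reusable engineering experience over into the open-source ecosystem.",9]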