Field reports from Patch the Planet
Trail of Bits and OpenAI's Patch the Planet initiative used GPT-5.5-Cyber to autonomously build a bespoke fuzzing harness for zlib in a single day, discovering multiple vulnerabilities now undergoing coordinated disclosure. The model independently chose dynamic fuzzing over static review, wrote C/C++ harnesses across a dozen entrypoints, used ASan/UBSan builds and compile-time variants, and demonstrated disciplined reporting by filtering out unreachable crashes. This represents a significant shift in the threat model: the expertise barrier for bespoke fuzzing has collapsed, making large-scale vulnerability discovery accessible to both skilled researchers and low-skill attackers.
Detection / Hunteropenrouter
What Happened
Trail of Bits partnered with OpenAI on a project called Patch the Planet, where AI models are used to find and fix security bugs in open-source software before attackers can exploit them. In the first reported case, an AI model called GPT-5.5-Cyber was given the goal of finding dangerous bugs in zlib, a widely used data compression library. In a single day, the AI built testing tools that would normally take a human expert weeks to create, and found several security flaws that are now being reported to the library's maintainers for fixing. The key concern is that this same AI capability is available to anyone, including attackers, which means organizations shipping security-critical software should invest in AI-driven security testing themselves to find and fix bugs before adversaries do.
Key Takeaways
- GPT-5.5-Cyber autonomously built a complete fuzzing harness for zlib in a single day, a task that would take a skilled security researcher weeks
- The model independently decided static code review was low-value for a well-audited library like zlib and chose dynamic fuzzing instead, demonstrating strategic decision-making
- Multiple vulnerabilities were found across a dozen zlib entrypoints (inflate, inflateBack, uncompress2, gzFile, MiniZip, etc.) and are currently undergoing coordinated disclosure
- The expertise barrier for bespoke fuzzing campaigns has collapsed — both skilled researchers and low-skill attackers can now leverage AI to audit code at scale
- The model demonstrated reporting discipline by correctly classifying a null callback crash in inflateBack as unreachable under real-world conditions and moving on to higher-impact findings
Affected Systems
- zlib (widely used data compression library)
- Open-source projects participating in Patch the Planet initiative
Vulnerabilities (CVEs)
None identified.
Attack Chain
- Goal Setting: GPT-5.5-Cyber was directed at zlib via Codex /goal command to find a specific class of dangerous bugs in the compression library
- Strategy Selection: Model independently judged static code review as low-value for well-audited zlib and chose to build dynamic fuzzing tooling instead
- Harness Construction: Model wrote C/C++ fuzzing harnesses across a dozen entrypoints (inflate, inflateBack, uncompress2, gzFile, MiniZip, puff, blast, infback9, gzjoin, gzappend, contrib wrappers)
- Variant Builds: Model used ASan/UBSan builds and compile-time variants (INFLATE_STRICT, BUILDFIXED, PKZIP_BUG_WORKAROUND) to reach hidden code paths
- Finding Triage: Model applied strict validity rules, correctly discarding unreachable crashes (e.g., null callback in inflateBack) and escalating higher-impact issues
- Coordinated Disclosure: Multiple findings are currently undergoing coordinated disclosure; full harness and findings will be published after patches are released
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No detection rules are provided in this article. The full fuzzing harness and findings will be published after the zlib vulnerabilities are patched and a new release is cut.
Detection Engineering Assessment
| Dimension | Rating | Rationale |
|---|---|---|
| EDR Visibility | None | This article describes AI-driven vulnerability research methodology, not an active threat or endpoint-based attack. There are no EDR-relevant indicators to detect. |
| Network Visibility | None | No network-based attack activity or C2 infrastructure is described. This is a defensive research article about AI capability for finding software vulnerabilities. |
| Detection Difficulty | N/A | Detection engineering is not applicable to this article. It describes a vulnerability research process, not an attacker campaign that would generate detectable telemetry in a defender's environment. |
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| If your organization maintains C/C++ libraries with public APIs, consider whether AI-driven fuzzing campaigns targeting your codebase may have already discovered unpatched vulnerabilities that could be exploited before patches are available. | Vulnerability management feeds, CVE monitoring, upstream library issue trackers | Vulnerability Discovery | Low — this is a strategic awareness hypothesis, not a log-based detection |
Control Gaps
- Traditional code review processes may not scale to match the speed of AI-driven vulnerability discovery, creating a window between bug discovery and patching
- Projects relying solely on existing OSS-Fuzz harnesses may miss bugs in code paths reachable only through compile-time variants or non-default API states
Key Behavioral Indicators
- Monitor upstream zlib (and other critical library) repositories for security patches and CVE disclosures in the coming weeks, as findings from this campaign are still under coordinated disclosure
- Track for any public release of the GPT-5.5-Cyber fuzzing harness, which could be repurposed by attackers to find the same or related bugs before patches are deployed
False Positive Assessment
- N/A — This article describes a vulnerability research methodology and AI capability demonstration, not an active threat with detectable indicators in a defender's environment.
Recommendations
Immediate Mitigation
- Verify against your organization's incident response runbook and team escalation paths before acting. Consider inventorying all dependencies on zlib and related compression libraries across your software estate to prepare for upcoming CVE disclosures from this coordinated disclosure process.
- Consider subscribing to security advisories for zlib and monitoring the Trail of Bits blog for the forthcoming full harness and findings publication.
Infrastructure Hardening
- Evaluate whether your organization's software development lifecycle includes AI-assisted fuzzing campaigns for security-critical libraries, as the article demonstrates this is now feasible at low cost and the defensive advantage goes to those who find and fix bugs first.
- If applicable, consider integrating compile-time variant builds (e.g., INFLATE_STRICT, BUILDFIXED) into your CI/CD fuzzing pipelines to reach code paths hidden by default build configurations.
User Protection
- Where supported by your tooling, consider deploying runtime sanitizers (ASan, UBSan) in pre-production environments for security-critical C/C++ components to surface memory errors before deployment.
Security Awareness
- Consider briefing development teams on the collapsing expertise barrier for bespoke fuzzing — attackers can now run sophisticated vulnerability discovery campaigns with minimal manual effort, which shortens the window between vulnerability introduction and exploitation.
- If your organization maintains open-source projects, consider proactively engaging with initiatives like Patch the Planet or running AI-driven security audits before adversaries do.