Home News SoftBank Corp. and SB OAI Japan Expand Rollout of OpenAI-Powered “Patching as a Service” to 3,000 Eligible Companies and Fully Launch the Service SoftBank Cor...

2026.7.14

Release

SoftBank Corp. and SB OAI Japan Expand
Rollout of OpenAI-Powered “Patching as a Service”
to 3,000 Eligible Companies and Fully Launch the Service

Service provides end-to-end support—from vulnerability assessments to patch deployment—to help continuously safeguard systems supporting Japan's critical infrastructure against cyberattacks

SoftBank Corp. (“SoftBank”) and SB OAI Japan GK (“SB OAI Japan”) today announced the full launch of “Patching as a Service,” a cybersecurity solution powered by the advanced AI capabilities of OpenAI Group PBC (“OpenAI”), expanding the rollout to 3,000 eligible Japan-based companies. Designed to safeguard the systems of companies supporting critical infrastructure against cyberattacks, Patching as a Service combines OpenAI’s technologies provided by SB OAI Japan with SoftBank Corp’s operational knowhow to provide end-to-end services, from vulnerability assessments and diagnostic reports to remediation recommendations and patch* deployments.

Cyberattacks targeting systems that support critical infrastructure can result in service interruptions and data breaches, posing substantial risks to society. As malicious actors use AI to launch increasingly sophisticated and rapidly executed cyberattacks, enterprises face challenges to keep pace with conventional cybersecurity approaches due to a shortage of cybersecurity professionals and other factors. To counter AI-accelerated cyber threats, SoftBank and SB OAI Japan believe that organizations need to leverage AI to implement rapid and continuous security measures. To address these challenges, the companies are providing Patching as a Service. SoftBank and SB OAI Japan have already conducted vulnerability assessments using Patching as a Service for a select group of companies. The assessments identified an average of approximately 280 potential vulnerabilities per 10 million lines of source code, of which 25% were classified as high-risk vulnerabilities potentially requiring immediate remediation.

SoftBank and SB OAI Japan will progressively introduce optional services to further strengthen the cyber defense capabilities of enterprises based in Japan. In addition, they plan to offer a modernization service, a separate solution designed to enhance system security by optimizing systems themselves, rather than simply addressing vulnerabilities. The modernization service supports initiatives such as refactoring and reorganizing source code, modernizing programming languages, and migrating legacy on-premises environments with maintenance challenges to cloud environments. By using the modernization service, enterprises can implement AI-native system operations, making their systems and source code easier for both AI and operators to analyze, validate, and remediate. When used together with Patching as a Service, the modernization service helps organizations maintain more resilient systems.

SoftBank plans to establish an “Enterprise AI Cyber Defense Office,” an organization dedicated to cybersecurity, on July 16, 2026. Together with SB OAI Japan, SoftBank will deploy a team of approximately 1,000 personnel to deliver Patching as a Service and provide consulting services to client organizations. Ahead of the launch of Patching as a Service, SoftBank first deployed the solution across its own internal systems, conducting vulnerability assessments and remediation within a short timeframe. Through this process, SoftBank gained extensive operational expertise in responding to cyberattacks quickly and effectively. By combining consulting services based on these insights with OpenAI's advanced AI technologies, SoftBank will provide robust cybersecurity support to companies operating systems that underpin Japan's critical infrastructure.

*Software programs that fix vulnerabilities and software defects.

Patching as a Service features

• Source code assessments

Patching as a Service analyzes source code to identify potential vulnerabilities, including anomalous code, configuration issues, and outdated authentication methods, while organizing the identified issues and their potential impact (static assessment). Based on these results, Patching as a Service also performs testing, as needed, to determine whether the identified vulnerabilities may be exploitable in a live environment and to assess their potential impact (dynamic assessment).

 

• Attack assessments

Patching as a Service conducts simulated attacks based on externally observable system behavior to identify potential vulnerabilities from an attacker's perspective. By uncovering vulnerability risks that may be difficult to detect through source code assessments alone, Patching as a Service helps organizations better understand potential exposures and identify the issues that should be prioritized for remediation.

 

• Reports and remediation recommendations

Based on the results of the source code and attack assessments, Patching as a Service provides a report summarizing potential vulnerabilities, their potential impact, remediation priorities, and recommended countermeasures. In addition, dedicated specialists provide consulting on remediation strategies tailored to each customer's system environment.

 

• Patch deployment

Based on the results of the source code and attack assessments, Patching as a Service creates the patches required to remediate identified vulnerabilities. After validating the patches through testing in a simulated system environment, Patching as a Service deploys them.

Comments from companies that participated in initial vulnerability assessments

• Retail company

“A comprehensive assessment of the large volume of source code supporting our core services was conducted. Using AI-powered analysis, Patching as a Service successfully identified fundamental security risks that are often difficult to detect through conventional assessments, including issues related to permission boundaries in our multi-tenant infrastructure and insufficient separation of authentication credentials. We greatly appreciated the team’s speed and responsiveness.”

 

• Trading company

“Vulnerability assessments for the system subject to this engagement have traditionally taken about two months each year, and securing a test environment while minimizing the impact on development activities has been a longstanding challenge. With the source code assessment, we received the assessment report just two days after the assessment began, and we were pleasantly surprised by the speed of Patching as a Service. Its ability to minimize the impact on our development schedule gives us a significant advantage, and we believe it will also help shorten the time between completing development and launching new services.”

 

• Healthcare-related company

“We have used a number of vulnerability assessment services, but even the fastest ones typically took two to three weeks to go from the start of the assessment to the delivery of the final report. In cybersecurity, it is important not only to achieve a high level of assessment accuracy, but also to quickly identify risks and start remediation. We see significant value in Patching as a Service because it helps us move more quickly from assessment to remediation. We believe it will become an effective solution for supporting our continuous cybersecurity efforts.”

● SoftBank, the SoftBank name and logo are registered trademarks or trademarks of SoftBank Group Corp. in Japan and other countries.

●Other company, product and service names in this press release are registered trademarks or trademarks of the respective companies.