OpenAI today announced a major expansion of Daybreak, a cybersecurity initiative designed to help defenders find, validate, and fix software vulnerabilities earlier in the development process.
The availability of powerful AI models has definitely changed the cybersecurity landscape by making vulnerability discovery much faster. However, the bigger bottleneck for the industry is now patching those vulnerabilities. Impacted software teams need to validate the discovered issues, understand their impact, develop fixes, test them, and deploy patches.
Back in March, OpenAI launched a preview of Codex Security, which uses agentic reasoning with automated validation to discover high-impact issues and actionable fixes specific to the codebase. Since then, it has scanned more than 30 million commits across over 30,000 codebases; more than 70,000 findings were marked as fixed by human reviewers, while over 500,000 findings were automatically determined to be fixed.
Now, OpenAI is releasing an updated Codex Security plugin that can run deep scans, review recent code changes, generate security reports, trace attack paths, validate findings, and create codebase-specific patches for human review. It can also triage findings from existing scanners, advisories, bug bounty reports, and ticketing systems. OpenAI says the plugin can export results to vulnerability management systems and integrate with workflows using SARIF files, CodeQL queries, the Codex CLI, and the Codex app.
Back in May, OpenAI announced the preview of GPT-5.5-Cyber, a new model built on top of the recently released GPT-5.5, designed for specialized cybersecurity work. Today, OpenAI launched the full version of GPT-5.5-Cyber through a limited release for verified defenders. On CyberGym, GPT-5.5-Cyber scored 85.6%, compared with 81.8% for GPT-5.5 and 83.8% for Claude Mythos 5. It also scored 39.5% on ExploitGym, compared with 25.95% for GPT-5.5, and 69.8% on SEC-bench Pro, compared with 63.1%.
OpenAI also announced the new Daybreak Cyber Partner Program, which will allow security vendors and service providers to use GPT-5.5 with Trusted Access for Cyber in their products and services. Accenture, Akamai, Cisco, Cloudflare, CrowdStrike, IBM, Palo Alto Networks, Proofpoint, SentinelOne, Wiz, Zscaler, and others were listed as initial partners for this program.
OpenAI is also launching Patch the Planet with Trail of Bits, HackerOne, Calif, researchers, and maintainers. More than 30 open-source projects have committed to participate, including cURL, Go, Python, Sigstore, and pyca/cryptography.