CyberSecurity SEE

OpenAI Expands Daybreak to Assist Defenders in Patching Flaws

OpenAI has made significant strides in enhancing its cyber-defense initiative, known as Daybreak, declaring that advancements in artificial intelligence (AI) have transformed the greatest security challenge from identifying software vulnerabilities to remedying them. This perspective was shared in an announcement made by the organization on June 22, highlighting a focus on automating the patching process.

During the announcement, OpenAI unveiled the full version of its latest cyber-focused model, GPT-5.5-Cyber, along with various updates to its Codex Security tool and an innovative open-source patching initiative. The introduction of GPT-5.5-Cyber aims to provide cybersecurity experts with a more efficient way to secure systems against potential threats.

### A More Capable, More Permissive Model

GPT-5.5-Cyber has moved from a preview state to a full release, but access to the model remains restricted. OpenAI clarified that it would only permit access to verified defenders under a limited release framework, coupled with additional monitoring and control measures. The model has been characterized as both more capable and more permissive than other general AI models, and as specifically tailored for authorized security tasks.

In a test named CyberGym, which evaluated whether an AI agent could replicate known vulnerabilities, GPT-5.5-Cyber achieved an impressive score of 85.6%. For comparison, the standard GPT-5.5 model scored 81.8%. OpenAI also reported notable improvements in tasks related to exploit writing and proof-of-concept (PoC) generation. The offensive capabilities of this model are a key reason for the tight restrictions on its access, with OpenAI emphasizing the need for regulation in its use.

### From Findings to Fixes

The initiative to automate patching has primarily utilized Codex Security—a tool that integrates with OpenAI’s Codex coding assistant, enabling it to scan code, validate vulnerabilities, and generate fixes for human evaluation. Since the preview launched in March, Codex Security has scanned over 30 million commits across 30,000 different codebases, resulting in the identification of more than 500,000 vulnerabilities that have been successfully addressed.

Additionally, a newly launched initiative called Patch the Planet, which was founded in collaboration with Trail of Bits and others, seeks to direct the same tools toward open-source software. This initiative focuses on financing researchers who assist software maintainers in fixing bugs, with partnerships established across more than 30 projects, including well-known software such as cURL, Go, and Python.

Furthermore, OpenAI has initiated a partner program, allowing security vendors such as CrowdStrike, Sophos, and Fortinet to incorporate its models into their products. This move aims to extend the reach of OpenAI’s security tools, making them accessible to a broader range of organizations.

OpenAI has framed its efforts as a way to maintain human oversight of security processes, ensuring that defensive capabilities reach more organizations before adversaries can exploit potential vulnerabilities. The company has also disclosed its collaboration with multiple governments and partnerships with operators of critical infrastructure, stressing the importance of its mission.

The benchmark figures shared by OpenAI originated from its own testing, and the company indicated that it will continue to evaluate the effectiveness of these solutions in real-world situations.

In the competitive landscape of AI-driven security solutions, rival AI lab Anthropic recently introduced a similar initiative, Project Glasswing, which launched in April. Both efforts exemplify the growing commitment among AI organizations to enhance cybersecurity practices amid evolving threats.

As the cybersecurity domain becomes increasingly intricate, OpenAI’s initiatives, particularly the expansion of the Daybreak program, underscore the potential of AI to play a pivotal role in not just identifying but also rectifying software vulnerabilities. The collaboration between organizations, coders, and researchers hints at a collective movement towards not only fortifying existing systems but also fostering a culture of proactive cybersecurity advocacy in an ever-changing digital world.
