OpenAI has expanded its Daybreak program, adding tools that automatically patch software vulnerabilities, releasing the full version of its GPT-5.5-Cyber model, an updated Codex Security plugin, and a partner program for cybersecurity vendors.
The company says the bottleneck in defense has moved from finding holes to closing them.
“AI models work through large codebases and find vulnerabilities faster than people can, so the volume of findings now outpaces what defenders are able to handle,” the press release states.
What the New Tools Can Do
According to OpenAI, since March, Codex Security has scanned more than 30 million commits across over 30,000 codebases and closed more than 500,000 findings. The updated version integrates directly into Codex: it reads through the code, locates vulnerabilities, prepares a targeted patch, and verifies the result. The final call on whether to apply the changes stays with a human.
Read also: Which AI Is Best for Different Tasks: A Review of the Main LLMs, Their Strengths and Weaknesses
OpenAI positions GPT-5.5-Cyber as its strongest model for finding and fixing vulnerabilities. On the CyberGym benchmark, it scored 85.6% versus 81.8% for the standard GPT-5.5, and on ExploitGym, 39.5% versus 25.9%. Access remains limited and is open only to vetted defenders, with enhanced verification and monitoring.
How Access Is Distributed
The Daybreak Cyber Partner Program lets security vendors use GPT-5.5 inside their own products without giving customers direct access to the model. Participants include Cisco, Cloudflare, CrowdStrike, IBM, Palo Alto Networks, Wiz, and Zscaler.
The Patch the Planet initiative, founded together with Trail of Bits, funds security experts to work alongside open-source maintainers. More than 30 projects have joined, with cURL, Go, Python, and Sigstore among the first to sign on. Under this initiative, researchers handle the review and de-duplication of vulnerabilities and patches before they reach the maintainers.
Over the past month, OpenAI has also signed partnerships to protect critical infrastructure with Australia, Canada, France, Germany, Japan, the Republic of Korea, and EU institutions.