OpenAI said on the 23rd that it will expand "Daybreak," which uses AI to strengthen the cybersecurity capabilities of organizations worldwide. Daybreak is OpenAI's cybersecurity initiative that aims to accelerate the entire remediation process—from finding software vulnerabilities to validation and risk assessment, patch development, testing, and deployment—beyond mere discovery.
With the Daybreak expansion, OpenAI unveiled the Codex Security plugin. Codex Security goes beyond generating alerts to understand a team's code and threat model, create a new threat model if none exists, and identify potential vulnerabilities. It also determines whether the affected code is practically accessible, gathers evidence needed for validation procedures, develops a patch suited to the issue, and verifies the results. Developers and security staff decide whether to further investigate discovered vulnerabilities and apply patches.
A full version of GPT-5.5-Cyber for vetted defense experts was also released on a limited basis. It is OpenAI's most powerful model that helps find and patch software vulnerabilities while maintaining general intelligence and the ability to perform long, complex tasks. The model analyzes security-related components and attack paths in large codebases, verifies vulnerabilities in controlled environments, and supports patch development and testing. On CyberGym, a cybersecurity benchmark that evaluates the ability to reproduce known vulnerabilities, it scored 85.6%, surpassing GPT-5.5's 81.8%.
OpenAI is also launching the Daybreak Cyber Partner Program to help selected security software and service partners use GPT-5.5 and a trust-based approach to cybersecurity in customer products and services.
In addition, it launched the "Patch the Planet" program to help open-source project maintainers move from vulnerability discovery to actual remediation. OpenAI, together with security research company Trail of Bits, is helping security researchers use advanced models and Codex Security to validate and patch vulnerabilities in open-source projects. HackerOne and Calif are supporting vulnerability triage, coordinated disclosure, and additional vulnerability hunting.
More than 30 open-source projects have expressed interest in joining the program. Early participants include the internet data transfer tool cURL, the open-source programming languages Go and Python, Sigstore for verifying software provenance and integrity, and the Python cryptography library pyca/cryptography. Participating projects receive ChatGPT Pro access, conditional access to Codex Security, and API credits for automating and deploying core development and maintenance tasks.
OpenAI is also working with the U.S. government and federal agencies, as well as governments and agencies in other countries, to prepare for the advent of AI models with stronger cybersecurity capabilities. Over the past month, it formed a "Trusted Access for Cyber" partnership with Korea, Australia, Canada, France, Germany, and Japan, as well as EU bodies including the European Union Agency for Cybersecurity (ENISA).
Through Daybreak, OpenAI plans to link cutting-edge models, Codex Security, Patch the Planet, expert researchers, open-source maintainers, security partners, core infrastructure operators, and trust-based access controls into one to help defenders respond to cybersecurity threats.
OpenAI said, "The ultimate goal is not just to use AI models to find more vulnerabilities, but to move toward an environment with safer software and stronger cyber resilience."