OpenAI announced on June 22 the expansion of its Daybreak cyber-defense program, centered on automated patch generation and the full release of GPT-5.5-Cyber, a security-focused AI model. The company argues that AI has reversed the traditional security challenge, making vulnerability remediation harder than discovery. Access to the new model remains limited to verified defenders with additional monitoring controls due to its enhanced offensive capabilities.

GPT-5.5-Cyber achieved a record 85.6% score on CyberGym, a benchmark testing whether AI agents can reproduce known vulnerabilities, compared to 81.8% for the standard GPT-5.5 model. OpenAI reports the model also shows improvements in exploit writing and proof-of-concept generation. The company describes it as both more capable and more permissive than general-purpose models for authorized security work, though these same offensive capabilities explain the restricted access policy.

The expansion includes significant updates to Codex Security, a tool integrated with OpenAI's Codex coding assistant that scans code, validates vulnerabilities, and generates fixes for human review. Since its March preview, Codex Security has processed over 30 million commits across 30,000 codebases, with more than 500,000 findings marked as resolved. OpenAI has also launched Patch the Planet, an initiative co-founded with Trail of Bits that applies these tools to open-source software, funding researchers to help maintainers address bugs in projects including cURL, Go, and Python.

OpenAI has established a partner program allowing security vendors such as CrowdStrike, Sophos, and Fortinet to integrate its models into their products. The company has also agreed to cyber partnerships with several governments and plans to work with critical infrastructure operators. This approach aims to distribute defensive AI capabilities widely before attackers can leverage similar technology.

The benchmark results come from OpenAI's internal testing, which the company says continues with real-world fix validation. Anthropic, a rival AI lab, launched a comparable bug-fixing program called Project Glasswing in April, indicating growing competition in AI-assisted vulnerability remediation. OpenAI emphasizes keeping humans in the decision loop while accelerating the deployment of defensive tools across organizations.

Source: https://www.infosecurity-magazine.com/news/openai-daybreak-gpt-5-5-cyber/