OpenAI announced multiple cybersecurity initiatives on Monday, headlined by an updated version of GPT-5.5-Cyber that demonstrates significant improvements in finding and fixing software vulnerabilities. The enhanced model is currently available only to approximately 30 partners in the OpenAI Daybreak Cyber Partner Program, with plans to expand access in coming months. The company emphasized ongoing dialogue with the US government regarding the model's capabilities and future releases.
Benchmark testing shows substantial performance gains over the preview version released earlier to select defenders. On CyberGym, which tests AI systems' ability to reproduce known vulnerabilities, the updated model achieved 85.6 percent success compared to 81.8 percent for the preview. More notably, on ExploitGym, which measures how well models can convert vulnerabilities into working exploits, the new version scored 39.5 percent versus 25.95 percent. The model also improved on SEC-bench Pro, reaching 69.8 percent for long-horizon vulnerability discovery and proof-of-concept generation.
The Patch the Planet initiative, co-founded with Trail of Bits and launched with HackerOne and Calif, provides open source maintainers with ChatGPT Pro, conditional Codex Security scanner access, and API credits. In its first week, the program uncovered hundreds of bugs and generated 64 pull requests with 51 issues filed across 19 projects. Participating projects include cURL, NATS, Python, Go, and RustCrypto, with over 30 projects now enrolled. Security researchers validate and deduplicate findings before they reach maintainers, reducing maintainers' workload while accelerating remediation.
OpenAI also released a Codex Security plugin that enables defensive security workflows within existing development pipelines. Since its March research preview, Codex has scanned over 30 million commits across more than 30,000 codebases. Human reviewers have marked approximately 70,000 findings as fixed, while AI systems have automatically determined that over 500,000 findings are resolved. The plugin can triage findings from multiple sources including scanners, advisories, and bug bounty reports, then automate patch generation.
Security teams can integrate the new plugin into CI/CD pipelines using Codex CLI or the Codex app, with export capabilities to existing vulnerability management systems through SARIF files and CodeQL queries.
The announcements arrive as concerns grow around AI-powered cyberattacks and debates continue over export controls following complications with Anthropic's Mythos model. OpenAI's emphasis on government coordination suggests awareness of the sensitive balance between empowering defenders and preventing adversarial use of advanced vulnerability-finding capabilities.
Source: https://www.theregister.com/security/2026/06/23/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too/5259842


