Finding software vulnerabilities used to be the hard part. AI solved that problem so thoroughly that the new crisis is different: too many vulnerabilities, too few people to fix them. Daybreak is OpenAI's answer — and it is bigger than most people realized.
Introduction
For decades, the hardest part of software security was finding the problem. Locating a serious vulnerability in a complex codebase required rare expertise, months of work, and deep familiarity with systems that most security professionals had never touched. Attackers exploited this asymmetry ruthlessly — they only needed to find one way in, defenders needed to close all of them.
AI changed that equation completely. Frontier models can now navigate millions of lines of code, reason through attack paths, validate hypotheses, and surface security issues that would have stayed hidden for years under traditional methods. The bottleneck shifted. Finding vulnerabilities is no longer the constraint. Patching them is.
OpenAI's response to this new reality is Daybreak — a platform that brings together AI models, developer tooling, a partner ecosystem of the world's largest security companies, an initiative to protect open-source software, and direct government partnerships. The goal is not to produce more vulnerability reports. The goal is to land fixes.
Quick Summary
| Component | What It Is | Key Stat |
|---|---|---|
| Codex Security | AI security engineer inside every codebase | 500,000+ findings fixed since March |
| GPT-5.5-Cyber | Most capable cyber AI model available | 85.6% on CyberGym — highest single-model score |
| Daybreak Cyber Partner Program | Security industry access to frontier AI | 28+ partners including Cisco, CrowdStrike, Palo Alto |
| Patch the Planet | Open-source vulnerability remediation | 30+ projects committed including cURL, Go, Python |
| Government Partnerships | Trusted Access for national cyber defense | Australia, Canada, France, Germany, Japan, South Korea, EU, UK |
The Problem Daybreak Is Built to Solve
The physics of cybersecurity have changed, and the industry has not fully caught up to what that means in practice.
A vulnerability report, on its own, protects no one. The security value is not in identifying that a problem exists — it is in validating the issue, understanding how severe it is, developing a patch that actually fixes it without breaking anything else, testing that patch, coordinating the disclosure so it does not hand attackers a roadmap before defenders are ready, and then helping teams deploy the fix across every system running the vulnerable code.
This full cycle is where most security programs struggle. AI has dramatically accelerated the first step — finding the issue — while the remaining steps still run at human speed. The result is a growing backlog of known vulnerabilities that security teams cannot close fast enough. Defenders are drowning in findings while attackers scan for the same issues automatically.
OpenAI frames this plainly: AI has changed the physics of cybersecurity. The question is whether defensive AI can keep pace with offensive AI, or whether the gap between discovery and remediation becomes permanently exploitable.
Daybreak's argument is that the full remediation cycle — not just discovery — can be AI-assisted at scale. Every component of the platform addresses a different stage of that cycle.
Codex Security — A Security Engineer for Every Developer
Status: Updated from research preview (launched March 2025) to full release Access: Codex CLI and Codex app
Since its March research preview, Codex Security has scanned more than 30,000 codebases and 30 million commits. Human reviewers have manually marked more than 70,000 findings as fixed. More than 500,000 findings have been automatically confirmed resolved. That is the scale OpenAI believes modern vulnerability remediation must operate at — and it is still accelerating.
The design philosophy behind Codex Security is specific and worth understanding. Most security tools generate alerts. A long list of potential issues lands in a developer's inbox, each one requiring the developer to investigate, assess severity, understand the attack path, figure out how to fix it, write the fix, test it, and verify it. This workflow breaks down at scale — not because developers are unwilling, but because the overhead of each individual finding multiplies across thousands of findings until the backlog becomes structurally unmanageable.
Codex Security is built differently. Rather than sitting outside the development workflow generating reports, it integrates directly into Codex — the AI coding tool developers are already working in. The premise OpenAI describes is putting the equivalent of a security engineer next to every software developer.
What the Updated Codex Security Does
The workflow Codex Security manages end-to-end covers every stage between discovering a potential vulnerability and delivering a verified, codebase-specific patch ready for human review:
It begins by understanding the team's code and existing threat model — or generating a threat model from scratch if none exists. It then identifies plausible vulnerabilities, checks whether the affected code is actually reachable in practice (filtering out issues that exist in the code but cannot be exploited), gathers evidence and validation steps that allow a human reviewer to confirm the issue is real, develops a targeted patch, and verifies that the patch resolves the problem without introducing new issues.
Humans remain in control of the decisions that matter: which findings to investigate further, which patches to apply, and what information to share with other teams or disclose publicly.
Today's update adds the ability to triage and validate findings that arrive from external sources — existing vulnerability scanners, security advisories, bug bounty reports, or ticketing systems. A team sitting on a backlog of hundreds of open findings from various tools can now run those findings through Codex Security to validate, prioritize, and generate patches at scale rather than working through each one manually. Output integrates with vulnerability management systems and developer toolchains through SARIF files and CodeQL queries.
GPT-5.5-Cyber — The Most Capable Cybersecurity AI Available
Status: Full version launched (following permissive-only preview) Access: Limited release to trusted, verified defenders only
The first release of GPT-5.5-Cyber was a targeted adjustment — primarily reducing the unnecessary refusals that happen when a general-purpose model applies overly broad safety restrictions to legitimate security research. A security researcher testing an authorized system should not have their AI assistant refuse to help because the request pattern resembles something a malicious actor might send.
The full GPT-5.5-Cyber release goes significantly further. It is built to sustain deep, coherent analysis across large codebases — identifying which components are security-relevant, tracing whether vulnerable code is actually reachable from an attack surface, validating issues in controlled environments, developing patches, testing those patches, and preparing structured evidence for human review. The explicit goal is helping defenders move through the complete remediation loop, not simply generating more findings.
The Benchmark Numbers
Three benchmarks measure different dimensions of cybersecurity AI capability, and GPT-5.5-Cyber leads on all three.
CyberGym measures whether an AI agent can reproduce known vulnerabilities in software environments — a test of whether the model can genuinely understand and work with real security issues rather than just describing them:
| Model | CyberGym Score |
|---|---|
| GPT-5.5-Cyber (new) | 85.6% |
| Mythos 5 (Anthropic) | 83.8% |
| GPT-5.5-Cyber (previous) | 81.9% |
| GPT-5.5 | 81.8% |
| GPT-5.4 | 79.0% |
| Claude Opus 4.7 | 73.1% |
GPT-5.5-Cyber's 85.6% is the highest CyberGym score recorded from a single model.
ExploitGym tests whether agents can convert known vulnerabilities into working exploits that achieve unauthorized code execution — a harder and more consequential capability:
| Model | ExploitGym Score |
|---|---|
| GPT-5.5-Cyber | 39.5% |
| GPT-5.5 | 25.95% |
SEC-bench Pro evaluates long-horizon vulnerability discovery and proof-of-concept generation across complex, realistic software targets:
| Model | SEC-bench Pro Score |
|---|---|
| GPT-5.5-Cyber | 69.8% |
| GPT-5.5 | 63.1% |
Real-World Validation
Benchmarks matter, but the real test is whether the model finds actual vulnerabilities in real software. GPT-5.5 combined with Codex Security has already helped defenders identify and validate vulnerabilities in Firefox, V8 (Google's JavaScript engine), Safari, OpenBSD, FreeBSD, and HTTP/2 implementations — some of the most widely deployed software on earth.
Who Gets GPT-5.5-Cyber
OpenAI is direct about the access structure. For most defenders, GPT-5.5 with Trusted Access for Cyber and Codex Security is the appropriate starting point. GPT-5.5-Cyber is reserved for verified defenders whose authorized work specifically requires more advanced capability and more permissive behavior — paired with stronger identity verification, monitoring, scoped access controls, and ongoing review.
The dual-model structure reflects a genuine tension: maximum capability in the wrong hands is maximum danger. The separation between a broadly accessible security tier and a restricted high-capability tier is the same logic Anthropic applied to Claude Fable 5 versus Mythos 5.
The Daybreak Cyber Partner Program — Taking AI Security to Scale
The most capable AI cybersecurity tools are useless if only OpenAI's direct customers can access them. The Daybreak Cyber Partner Program addresses this by enabling the security industry's established players to embed OpenAI's frontier capabilities into the products and services they already deliver to thousands of organizations.
Partners in the program receive access to GPT-5.5 with Trusted Access for Cyber — the primary model for most defensive security workflows — to build into their own security platforms and managed services. Their customers benefit from the capability without needing a direct relationship with OpenAI.
The initial partner roster covers the full breadth of enterprise security:
Major security vendors: Cisco, CrowdStrike, Palo Alto Networks, SentinelOne, Fortinet, Check Point, Sophos, Trend AI, Darktrace, Tenable, Wiz, Proofpoint, Okta, Akamai, Cloudflare, Zscaler, Elastic
Major consulting and professional services firms: Accenture, IBM, Capgemini, Cognizant, EY, KPMG, PwC, NCC Group, GuidePoint Security, SpecterOps
Networking: Cato Networks
This is not a partner list assembled for optics. These are the organizations that manage security for the largest enterprises, governments, and critical infrastructure operators in the world. Running GPT-5.5-level capability through their products means the defensive benefit reaches organizations that could never build this capability independently.
OpenAI has also committed to working with program partners to strengthen the safeguards, monitoring standards, and abuse-prevention measures needed to deploy these capabilities responsibly at scale. The program is currently rolling out with the initial set of partners and will expand to additional organizations in the coming months.
Patch the Planet — Protecting the Open-Source Foundation
Founded with: Trail of Bits In collaboration with: HackerOne and Calif Committed participants: 30+ open-source projects
There is a structural problem at the heart of open-source software security that Patch the Planet is designed to address directly.
Open-source software is the foundation that almost everything else runs on. A critical networking library might be embedded in thousands of commercial products, government systems, and public services. A single serious vulnerability in that library is a vulnerability in all of them simultaneously. Yet many of the projects maintaining this foundational infrastructure are run by very small teams. Research from the Linux Foundation and Harvard found that 94 percent of widely used open-source projects had fewer than ten developers responsible for more than 90 percent of the code added in a year.
AI-assisted vulnerability discovery makes this problem worse before it makes it better. When AI tools find vulnerabilities faster, they generate more reports. More reports landing in a maintainer's inbox means more time spent reading, triaging, and responding — time that comes at the expense of actually fixing things. An AI-generated flood of low-quality false positives can paralyze a project more effectively than no reports at all.
Patch the Planet is structured specifically to avoid this failure mode.
How It Works
Every engagement begins with a consultation between Patch the Planet's security researchers and the project maintainers they are working with. The maintainers define the priorities, their preferences for how vulnerabilities are handled, and their established disclosure processes. Nothing proceeds without their direction.
From there, Patch the Planet's researchers — working with Codex Security and OpenAI's advanced models — manage the entire process end to end. They validate vulnerabilities, deduplicate findings so the same issue is not reported multiple times, and validate patches before anything reaches the maintainer. What arrives at the project is curated, verified, and ready to act on — not another pile of raw findings demanding manual review.
Participating projects receive ChatGPT Pro, conditional access to Codex Security, and API credits for core development, maintainer automation, and release workflows.
The initial five-day sprint across multiple projects produced concrete results: hundreds of issues surfaced for review, dozens of patches merged with more in progress, and reusable security workflows built covering fuzzing, variant analysis, differential testing, and specification-based testing.
Named initial participants include cURL — the data transfer tool running on billions of devices — Go, Python, Sigstore, and pyca/cryptography.
Government and Critical Infrastructure Partnerships
OpenAI has been explicit about engaging governments before these capabilities reach full deployment — not as an afterthought but as part of the architecture.
In the United States, that engagement includes ongoing collaboration with the Center for AI Standards and Innovation (CAISI) on pre-deployment testing of GPT-5.5 and GPT-5.5-Cyber, work with the Office of the National Cyber Director (ONCD) and the Office of Science and Technology Policy (OSTP), and coordination on the implementation of a recent Executive Order and associated industry standards.
Internationally, Trusted Access for Cyber partnerships have already been established with Australia, Canada, France, Germany, Japan, the Republic of Korea, and EU institutions including ENISA (the European Union Agency for Cybersecurity). A growing partnership with the United Kingdom spans cyber defense, testing, and evaluation.
The next phase involves working directly with operators of critical infrastructure — including government networks — to develop safeguards tailored to the specific systems they operate. The goal is not generic access but contextualized capability: AI that understands the particular constraints and threat models of the infrastructure it is helping to protect.
The Access Tiers — Who Gets What
OpenAI has been careful to structure Daybreak so that capability and access are matched to need and verification level. The three tiers serve different populations:
GPT-5.5 with Trusted Access for Cyber plus Codex Security is the foundation for the majority of defenders — developers scanning their own codebases, security engineers validating findings, organizations working through vulnerability backlogs. This is the right starting point for most security work.
GPT-5.5-Cyber is reserved for verified defenders whose authorized work specifically requires the most advanced capability — deeper analysis, more permissive handling of sensitive security topics, and higher performance on complex exploitation and remediation tasks. Access requires stronger verification and comes with closer monitoring and review.
Daybreak Cyber Partner Program access routes GPT-5.5 with Trusted Access for Cyber through established security companies and consulting firms, allowing their customers to benefit from the capability indirectly at a scale OpenAI could not reach through direct relationships alone.
Why This Matters Beyond Security Teams
The Daybreak announcement is easy to read as a product launch for cybersecurity professionals. It is that. But it is also something larger.
Software is infrastructure. Firefox, the Linux kernel, cURL, Python, HTTP/2 — these are not products used by security specialists. They are the substrate that the modern internet, critical services, financial systems, healthcare technology, and government networks run on. A serious unpatched vulnerability in any of them is a vulnerability in the systems billions of people depend on daily.
The argument OpenAI makes explicitly — that frontier defensive AI capabilities should not be concentrated in the hands of a few — is a recognition that the pace of AI-assisted vulnerability discovery has outrun the capacity of any individual organization to respond. The attacker community does not respect organizational boundaries. The defensive response cannot either.
Daybreak's architecture — a tiered platform, a partner ecosystem, a government partnership structure, a dedicated open-source initiative — is an attempt to match the scale of that problem with a proportionally scaled response.
What Comes Next
OpenAI has outlined several near-term directions for Daybreak:
The Daybreak Cyber Partner Program will continue expanding to additional organizations beyond the initial partner set. Government partnerships with critical infrastructure operators will deepen, with AI systems incorporating specific context about the systems they are protecting. Patch the Planet will continue enrolling open-source projects and developing the reusable security workflows from its initial sprint into more durable infrastructure.
The underlying models will continue improving. The progression from GPT-5.5 to GPT-5.5-Cyber on every benchmark — CyberGym at 85.6%, ExploitGym at 39.5%, SEC-bench Pro at 69.8% — was achieved through deliberate focus. Further capability development in this direction is explicitly planned.
Final Takeaway
Daybreak is OpenAI's most comprehensive effort yet to apply frontier AI capability to a real-world problem that cannot wait. The cybersecurity industry's current tools were not designed for a world where AI can find vulnerabilities faster than humans can fix them. Daybreak is designed for exactly that world.
Codex Security brings AI-assisted remediation to every development team. GPT-5.5-Cyber gives the most capable cyber AI available to verified defenders. The Daybreak Partner Program distributes that capability through the security companies that already reach the enterprises and governments that need protection most. Patch the Planet protects the open-source foundation everything else depends on.
The measure of Daybreak's success will not be benchmark scores or partner announcements. It will be whether the gap between finding vulnerabilities and fixing them closes — and whether it closes faster than attackers can exploit what lies in between.