OpenAI Expands Daybreak Cybersecurity Suite with GPT-5.5-Cyber and Patch the Planet

From finding bugs to fixing them

OpenAI expanded its Daybreak cybersecurity initiative on June 22, 2026, releasing a new version of GPT-5.5-Cyber, an updated Codex Security plugin, and a fresh open-source patching program called Patch the Planet.openai +1 The push reflects a deliberate shift: AI models have gotten so capable at discovering software flaws that the bottleneck has moved from finding vulnerabilities to patching them before attackers strike.openai Codex Security has scanned more than 30 million commits across more than 30,000 codebases since its March research preview, with human reviewers manually confirming more than 70,000 fixes.siliconangle

GPT-5.5-Cyber sets a new benchmark bar

The fully released GPT-5.5-Cyber replaces an earlier limited preview focused on reducing unnecessary refusals in security workflows. The model scored 85.6% on CyberGym — which tests whether an AI agent can reproduce known vulnerabilities — compared with 81.8% for standard GPT-5.5 and 83.8% for Anthropic's rival Mythos 5.the-decoder On ExploitGym, which tests whether agents can turn a flaw into a working exploit, GPT-5.5-Cyber reached 39.5% versus 25.95% for GPT-5.5.openai +1 Access stays restricted to vetted defenders through OpenAI's Trusted Access for Cyber program, with verification, monitoring, and scoped controls.openai

The updated Codex Security plugin acts as "the equivalent of a security engineer next to every software developer," per OpenAI.openai It runs deep codebase scans, traces attack paths, generates threat models, and produces targeted patches — exporting results via SARIF files or CodeQL queries to fit existing vulnerability management pipelines.siliconangle +1

A global partner network and an open-source commitment

OpenAI simultaneously launched the Daybreak Cyber Partner Program, letting security vendors wire GPT-5.5 with Trusted Access into their own products. More than 25 firms signed on as launch partners, including Cisco, CrowdStrike, IBM, Palo Alto Networks, Cloudflare, Fortinet, Wiz, and SentinelOne.the-decoder IBM announced its participation the same day, describing the collaboration as essential for enterprises responding to machine-speed threats.newsroom

Patch the Planet, the open-source arm of the expansion, was co-founded with Trail of Bits and HackerOne. More than 30 projects joined, including cURL, Go, Python, Sigstore, and pyca/cryptography.openai OpenAI cited Linux Foundation and Harvard research showing that 94% of widely used open-source projects rely on fewer than 10 developers for over 90% of annual code contributions — making them especially vulnerable to AI-generated bug floods.openai Every finding passes through a human security researcher before reaching a maintainer, and a first five-day sprint merged dozens of patches across 19 projects.siliconangle

Racing ahead of adversaries

Five Eyes intelligence agencies warned in May that AI-driven exploitation could "fundamentally transform" offensive capabilities within months, not years.thehackernews OpenAI has established Trusted Access partnerships with Australia, Canada, France, Germany, Japan, South Korea, and EU institutions including ENISA.openai Daybreak research has already produced concrete results: 8 Linux kernel privilege-escalation proof-of-concepts, a 23-year-old flaw in OpenBSD's kernel, 5 exploitable bugs in Chrome's V8 engine, more than 10 Safari vulnerabilities, and a Firefox WebAssembly flaw patched by Mozilla just two days before Pwn2Own Berlin.thehackernews +1