OpenAI Expands Daybreak Cyber Program with Patching Tools
OpenAI is significantly expanding its Daybreak cybersecurity initiative, moving beyond vulnerability detection to actively help defenders patch software flaws. The company has introduced a revised Codex Security plugin, expanded access to its GPT-5.5-Cyber model, and launched a partner program with major security vendors. The shift reflects a growing recognition that finding vulnerabilities matters less than actually fixing them.

New Tools Take Center Stage

The updated Codex Security plugin integrates directly into development workflows, performing defensive tasks like scanning codebases, reviewing changes, and generating severity reports. It can trace attack paths, build threat models, and propose patches for human review. Since its research preview in March, the tool has scanned over 30 million commits across more than 30,000 codebases, with human reviewers marking over 70,000 findings as fixed.

OpenAI has also widened access to GPT-5.5-Cyber, a specialized model for authorized cybersecurity work. On OpenAI’s CyberGym benchmark, the model scored 85.6%, outperforming the standard GPT-5.5 at 81.8%. It also showed gains on ExploitGym and SEC-bench Pro benchmarks.

Partners Drive Implementation

A key part of the expansion is the Daybreak Cyber Partner Program, which grants security companies access to GPT-5.5 with Trusted Access for Cyber. Initial partners include Accenture, Akamai, Check Point, Cisco, CrowdStrike, and Palo Alto Networks. OpenAI plans to collaborate with these partners on safeguards and abuse-prevention standards.

Patch the Planet Mobilizes Open Source

A new initiative called Patch the Planet targets critical open-source projects often maintained by small teams. Launched with Trail of Bits and in collaboration with HackerOne, the program uses Codex Security and OpenAI models to assist maintainers directly. Over 30 open-source projects have committed to participate, including cURL, Go, Python, and Sigstore. An initial five-day sprint across multiple projects surfaced hundreds of issues and led to dozens of merged patches.

Global Government Backing

OpenAI has established Trusted Access for Cyber partnerships with multiple governments. Countries including Australia, Canada, France, Germany, Japan, and the Republic of Korea are collaborating on cyber testing and evaluation. The EU and UK governments have also expanded partnerships on cyber-related work.

Why This Matters

OpenAI frames Daybreak as a response to a fundamental problem: as AI increases the volume of discoverable vulnerabilities, defenders need help with remediation. The company stated, Finding vulnerabilities is important, but it’s landing the fix that protects the world, and that takes collaboration and community support. The emphasis on patching rather than just detection reflects a maturation in how the security industry views AI’s role in defense.

Follow Hashlytics on Bluesky, LinkedIn, Telegram and X to Get Instant Updates

RELATED ARTICLESMORE FROM AUTHOR