OpenAI has expanded its Daybreak cybersecurity platform with two major releases: an improved GPT-5.5-Cyber model and Patch the Planet, a program co-founded with Trail of Bits and HackerOne that funds security engineers to fix vulnerabilities in critical open-source software.
The company argues that AI has shifted the bottleneck in cybersecurity from finding bugs to fixing them. “Vulnerability reports, on their own, do not protect anyone,” OpenAI wrote in its announcement. “The value comes from validating, understanding impact, developing and testing a patch, coordinating disclosure, and deploying the fix.”
The initiative covers more than 30 open-source projects that have committed to participate, including cURL, Go, Python, Sigstore, and pyca/cryptography. Trail of Bits has engineers working full-time across 19 projects using Codex and GPT-5.5-Cyber. In an initial five-day sprint, the team identified hundreds of security issues and merged dozens of patches, with more still under coordinated disclosure.
The model itself scanned security-relevant components across more than 30 million lines of code and generated proof-of-concepts for eight kernel pointer information leaks and 24 local privilege escalation vulnerabilities in the Linux kernel.
GPT-5.5-Cyber benchmarks
The new model posts meaningful gains over its predecessor across three key benchmarks:
- CyberGym: 85.6% (up from 81.8% for GPT-5.5), highest single-model score on the test, which measures whether an AI agent can reproduce known vulnerabilities in software environments.
- ExploitGym: 39.5% (up from 25.95%), tests the ability to turn vulnerabilities into working exploits.
- SEC-bench Pro: 69.8% (up from 63.1%), long-horizon vulnerability discovery and proof-of-concept generation.
Access to GPT-5.5-Cyber remains limited to verified defenders whose authorised work requires advanced cybersecurity capabilities. OpenAI said the release includes stronger verification, monitoring, and account controls.
The updated Codex Security plugin, which has scanned over 30 million commits across more than 30,000 codebases since its March preview, now supports automated defensive workflows including threat modelling, patch generation, and verification.
Daybreak Cyber Partner Program
OpenAI also launched a partner program with security providers including Accenture, Akamai, Cloudflare, CrowdStrike, Palo Alto Networks, and more than two dozen others. Partners can integrate GPT-5.5 with Trusted Access for Cyber into their products and services.
The announcement comes as AI cybersecurity capabilities become a competitive front between major labs. In April, Anthropic’s Claude Mythos Preview reportedly found thousands of high-severity vulnerabilities across every major operating system and browser, staking a similar AI-for-defense position. OpenAI’s approach funds engineers to land actual merged patches into projects like cURL and the Linux kernel alongside the model release.
Sources: OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos (Wired, June 22, 2026); Daybreak: Tools for securing every organization in the world (OpenAI, June 22, 2026)