OpenAI on Monday expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships, framing the effort around a problem it says has become more pressing than vulnerability discovery itself: getting patches deployed.
The company argues that AI models have fundamentally changed the security landscape by accelerating the rate at which vulnerabilities are found to the point where defenders are now overwhelmed by the volume of findings.
To address the vulnerability remediation bottleneck, the company released an updated Codex Security plugin designed to further enhance security workflows. The tool integrates directly into Codex and can scan entire codebases, trace attack paths, construct threat models, validate findings, generate patches, and export results into existing vulnerability management pipelines via SARIF files and CodeQL queries.
[ Read: AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask ]
Since a research preview launched in March, Codex Security has processed more than 30 million commits across over 30,000 repositories, with human reviewers confirming more than 70,000 fixes and an additional 500,000 findings resolved automatically.
Alongside the plugin update, OpenAI launched the full version of GPT-5.5-Cyber, following an earlier release that focused on reducing unnecessary refusals. The updated model is described as OpenAI’s most capable offering for authorized security work, able to sustain analysis across large codebases, assess whether vulnerable code is actually reachable, and carry work through to patch development and testing. Access remains limited to verified defenders.
On the CyberGym benchmark, which tests whether an agent can reproduce known vulnerabilities, the model scored 85.6%, compared to 81.8% for the standard GPT-5.5.
OpenAI also unveiled Patch the Planet, an initiative founded with Trail of Bits and developed in collaboration with HackerOne and Calif. The program deploys expert security researchers equipped with Codex Security and OpenAI models to work alongside maintainers of widely used open source projects.
Researchers handle validation, deduplication, and patch development before anything reaches maintainers, to reduce the burden on teams that are often small and under-resourced. More than 30 projects have signed on, with early participants including cURL, Go, Python, Sigstore, and pyca/cryptography.
OpenAI also announced the Daybreak Cyber Partner Program, through which security vendors can integrate GPT-5.5 with Trusted Access for Cyber into their own products and services. Launch partners include many cybersecurity giants.
The AI company plans to expand the program in the coming months and is also working directly with governments to help them boost their cyber defenses and protect critical infrastructure.
Related: OpenAI Rolling Out ChatGPT Account Security Controls
Related: 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
Related: OpenAI Hit by TanStack Supply Chain Attack
Related: OpenAI Rolls Out Advanced Security for ChatGPT Accounts
