OpenAI said it is broadening the reach of its Daybreak cybersecurity effort with a package of product updates and partnerships designed to speed the discovery and remediation of software vulnerabilities. The company unveiled a finalized GPT-5.5-Cyber model, an updated Codex Security plugin with extended scanning and patching capabilities, a Cyber Partner Program for security vendors, and Patch the Planet, an initiative to subsidize security work on critical open-source projects.
According to OpenAI, the full GPT-5.5-Cyber model delivers higher performance on several specialized security benchmarks when compared with GPT-5.5. The company reported a CyberGym score of 85.6% for GPT-5.5-Cyber versus 81.8% for GPT-5.5. On ExploitGym the model achieved 39.5% compared with 25.95% for GPT-5.5, and on SEC-bench Pro it delivered 69.8% versus 63.1% for GPT-5.5. OpenAI emphasized that GPT-5.5-Cyber is intended to be used by verified defenders whose work requires advanced cyber capabilities combined with verification, monitoring, and scoped controls.
The updated Codex Security plugin has been applied at scale since its March research preview, with OpenAI saying it has scanned more than 30 million commits across in excess of 30,000 codebases. Human reviewers have manually marked over 70,000 findings as fixed, and the system has automatically determined more than 500,000 findings to be fixed. OpenAI described the plugin as integrated into Codex to perform vulnerability identification, reachability analysis to determine which parts of code are reachable and therefore exploitable, collection of validation evidence, automated patch generation, and verification of results.
Alongside the tooling, OpenAI launched the Daybreak Cyber Partner Program and named initial partners that include Accenture, Akamai, Check Point, Cisco, Cloudflare, CrowdStrike, IBM, and Palo Alto Networks, among others. Participating security providers will be able to use GPT-5.5 with Trusted Access for Cyber in their security products and services. OpenAI said it plans to expand the program to additional organizations in the coming months.
To address vulnerabilities in widely used open-source software, OpenAI has established Patch the Planet, created with Trail of Bits and in collaboration with HackerOne and Calif, to fund security researchers working with open-source maintainers. More than 30 open-source projects have committed to take part, with initial participants including cURL, Go, Python, Sigstore, and pyca/cryptography.
OpenAI noted it has set up Trusted Access for Cyber partnerships with a set of national and regional entities, specifically naming Australia, Canada, France, Germany, Japan, Republic of Korea, and EU institutions including ENISA. The company framed these measures as part of a controlled deployment model - enabling advanced cyber capabilities while pairing them with verification and monitoring to limit misuse.
Implications and context
The suite of releases is framed as a way to improve the pace and scale of software security work by combining automated analysis, human validation, and funded research. Open-source maintainers and enterprise security teams are direct targets for these tools and programs, and security vendors are positioned to incorporate GPT-5.5 capabilities into commercial offerings under Trusted Access arrangements.