OpenAI Daybreak launches with GPT-5.5 to detect vulnerabilities and counter Claude Mythos

OpenAI just released its answer to Claude Mythos

OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that launched in March to create a threat model based on an organization's code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher risk ones. Its launch comes just over a month after rival Anthropic announced Claude Mythos, a security-focused AI model it claimed was too dangerous to publicly release and only shared privately as a part of its own initiative, dubbed Project Glasswing. Still, that didn't stop at least a few unauthorized parties from getting access. However, OpenAI has so far lacked a similar security product. Like Glasswing, Daybreak isn't built on just one AI model -- OpenAI says "Daybreak brings together the most capable OpenAI models, Codex, and our security partners." Daybreak also involves specialized cyber models, including GPT-5.5 with Trusted Access for Cyber and GPT-5.5-Cyber, which began rolling out last week. OpenAI also says it's working with its "industry and government partners" while it prepares to "deploy increasingly more cyber-capable models."

Daybreak is OpenAI's response to Anthropic's Claude Mythos - Engadget

OpenAI has just launched Daybreak, a cybersecurity initiative that's clearly the company's competitor to Anthropic's Project Glasswing. If you'll recall, Glasswing uses Anthropic's unreleased AI model, Claude Mythos Preview, to provide its clients' cyber defense needs. It's been promising, so far: Mozilla revealed in April that Mythos helped it find and patch 271 vulnerabilities in the latest release of the Firefox browser. OpenAI says Daybreak uses its various AI models, including its specialized security agent Codex. In its announcement, the company explained that Daybreak is built around the premise that cyber defense should be built into software from the start and not just revolve around finding and fixing vulnerabilities. Daybreak aims to prioritize high-impact issues and reduce hours of analysis to minutes, to generate and test patches within repositories and to send back results with audit-ready evidence to the clients' systems. In OpenAI's example, it asked Codex Security to scan a codebase, validate the highest-risk findings and fix them. Daybreak will use GPT-5.5 for general purposes and GPT-5.5 with Trusted Access for Cyber for most defensive security workflows, including "secure code review, vulnerability triage, malware analysis, detection engineering and patch validation." It will also rely on GPT-5.5-Cyber for "preview access for specialized workflows, including authorized red teaming, penetration testing and controlled validation." OpenAI is already working with several partners under the initiative, including Cloudflare, Cisco, CloudStrike, Palo Alto Networks, Oracle and Akamai.

OpenAI's New Daybreak Platform Uses GPT-5.5 to Find Software Vulnerabilities

OpenAI today launched Daybreak, an answer to Anthropic's Project Glasswing initiative and Mythos AI model. Like Glasswing, Daybreak is a cyber defense effort that will help tech companies find security vulnerabilities in their platforms. OpenAI says Daybreak is aimed at building cyber defense into software from the start. It builds on OpenAI's April launch of GPT-5.4-Cyber, which the company says has contributed to fixing more than 3,000 vulnerabilities. Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across the security flywheel to help make the world safer for everyone. Defenders can bring secure code review, threat modeling, patch validation, dependency risk analysis, detection, and remediation guidance into the everyday development loop so software becomes more resilient from the start. OpenAI CEO Sam Altman said OpenAI would like to work with "as many companies as possible" to help them continuously secure their software against cyber threats. Several companies have already adopted Anthropic's competing Glasswing program, including Apple, Microsoft, Google, and Amazon. Daybreak uses Codex Security to build an editable threat model from a company's software repository, then it automates monitoring for higher-risk vulnerabilities. Issues that are found can be investigated in an isolated environment. Companies can request a Daybreak assessment from OpenAI, which includes a vulnerability scan. Pricing is not listed. There are three models available. GPT-5.5 has standard safeguards for general purpose use, while GPT-5.5 with Trusted Access for Cyber is meant for verified defensive work in authorized environments. GPT-5.5-Cyber is for specialized authorized workflows, and it features stronger verification and account-level controls. OpenAI is working with industry and government partners ahead of deploying more cyber-capable models in the future.

OpenAI Launches Daybreak as AI Firms Expand Into Cybersecurity - Decrypt

The announcement comes as Google, Anthropic, and other AI companies expand into cybersecurity tools and services. OpenAI on Monday launched Daybreak, a cybersecurity initiative aimed at helping developers and security teams identify vulnerabilities, validate fixes, and secure software faster using artificial intelligence. The announcement underscores a broadening shift as AI companies are increasingly pushing into cybersecurity as advanced models improve at analyzing code, finding software weaknesses, and automating technical tasks. In a post on X, OpenAI CEO Sam Altman called Daybreak an "effort to accelerate cyber defense and continuously secure software." "AI is already good and about to get super good at cybersecurity; we'd like to start working with as many companies as possible now to help them continuously secure themselves," Altman wrote. According to OpenAI, Daybreak combines the company's AI models with Codex, its coding-focused agentic system, to help security teams review code, analyze dependencies, model threats, validate patches, and investigate unfamiliar systems. The company said the goal is to reduce the time between identifying a vulnerability and fixing it. OpenAI did not immediately respond to a request for comment by Decrypt. Daybreak comes as cybersecurity researchers and industry experts warn about the threat of AI-powered cyberattacks after the launch of Claude Mythos last month. Using Mythos, Firefox browser developer Mozilla said it was able to find 271 unknown vulnerabilities in the browser. "AI can now help defenders reason across codebases, identify subtle vulnerabilities, validate fixes, analyze unfamiliar systems, and move from discovery to remediation faster," OpenAI said in a statement. "Because those same capabilities can be misused, Daybreak pairs expanded defensive capability with trust, verification, proportional safeguards, and accountability." The announcement also comes as major AI companies increasingly market their models for cybersecurity and software engineering tasks. OpenAI rival Anthropic has also increasingly marketed its Claude models for coding and security-related tasks as competition intensifies among AI companies seeking enterprise customers. While experts remain divided over the extent of the threat AI poses, researchers and government agencies have warned that advanced AI models could accelerate cyberattacks by helping hackers automate vulnerability research, malware development, and exploit creation. At the same time, Google researchers recently said large language models are becoming better at identifying and exploiting software weaknesses that traditional security scanners often miss. OpenAI said it plans to work with government and industry partners before deploying more cyber-capable AI models, as regulators and national security officials attempt to scrutinize advanced AI models before they launch to the public. "Daybreak is the first glimpse of sunlight in the morning," OpenAI wrote. "For cyber defense, it means seeing risk earlier, acting sooner, and helping make software resilient by design."