9 Sources
[1]
OpenAI launches new initiative to help find and patch open-source bugs
OpenAI announced a new initiative on Monday designed to help the open source community improve its cybersecurity game and ward off bugs. "Patch the Planet," (which is a not-so-subtle allusion to "Hack the Planet," the iconic catch phrase from the 1995 movie Hackers) will see OpenAI team up with the security company Trail of Bits to help open source maintainers secure their projects. OpenAI said security staff from Trail of Bits will work directly with open source maintainers to review potential code issues. OpenAI's security tools -- like Codex Security -- will be used to assist in the process. "Many maintainers are already being asked to sort through more reports, more quickly, with the same limited time and resources," OpenAI said Monday. "Patch the Planet is built to reduce that burden, not add to it: security engineers review findings before they reach maintainers, work with projects to develop patches and tests, and build reusable workflows that help teams continue improving security after the first fixes land." In other words, Trail of Bits engineers will function more or less like code EMTs -- there to help open source project maintainers identify and triage potential issues, all supported by OpenAI's software. It sounds like an ambitious project, and it's somewhat unclear how it will function in the long term, or how it plans to scale up (if at all). Open source projects are the digital bedrock upon which the commercial software industry rests, but, unfortunately, due to the decentralized and poorly monitored structure of that ecosystem, much of the software is insecure. Bugs in open-source projects can turn into major problems for commercial codebases. The log4j debacle from several years ago -- when a bad vulnerability was discovered in a widely used open source utility -- is a good example. Much of the concern surrounding tools like Mythos (Anthropic's highly publicized security tool) seems to stem from the fact that AI can now automatically identify existing bugs within codebases and set about creating exploits for them. While the automation of cybercrime is not new, these tools undoubtedly have the potential to make it significantly more convenient for bad actors. OpenAI is turning that formula on its head by using AI to help the open source community better protect itself. It's hard not to read it as a competitive swipe at Anthropic, while also recognizing that it's something the open source community desperately needs.
[2]
OpenAI Launches Full-Scale Effort to Patch Open Source Bugs as It Takes on Anthropic's Mythos
As fears about AI hacking capabilities grow, OpenAI on Monday made a slew of cybersecurity-focused announcements, including an improved version of its limited-access security-specialized model GPT-5.5-Cyber, expanded international work with governments and other institutions to give them "trusted access" to the company's latest cybersecurity-focused models, and releasing its Codex Security scanner as an app plugin. As advances across the AI industry leave critical open source projects at increasing risk of falling behind, though, the company also said on Monday that it is launching an effort known as Patch the Planet, founded with the prominent research-focused security firm Trail of Bits and in collaboration with vulnerability management firms HackerOne and Calif. The project has already begun its work offering free security consulting services to open source maintainers to not only help them find and patch vulnerabilities, but also support them in strengthening their codebases and incorporating AI security tools into their development process. The idea is to give individualized support to as many open source projects as possible to improve both their current security and longterm resilience in a way that will actually be sustainable. "Patch the Planet is an internet-scale effort to help open source software get ahead of AI bug hunting tools," says Trail of Bits CEO and cofounder Dan Guido. "But it's also an effort to help the open source community see the benefits and not just the downsides of AI coding tools." Open source developers -- typically volunteers keeping critical and widely used software afloat with few resources -- are often already struggling to keep up with bug reports. The rise of AI vulnerability hunting in recent months has, for many maintainers, made that backlog feel insurmountable as AI-generated slop reports stack up, making it difficult to prioritize and pulling already limited time and attention away from critical flaws. Maintainers "do their work out of love of open source and now they're stuck reviewing slop CVEs," says OpenAI's cyber tech lead Fouad Matin. With Patch the Planet, he says, "what we've effectively done is make it as efficient from a token perspective as possible to reduce the burden for maintainers -- code base assessments, validating potential reports, creating patches, and landing them. We want to offset costs, whether it's tokens or people power, to actually patch as much of the world of software as possible." Matin adds that for its Codex Security scanner, which has been in research preview since earlier this year, OpenAI has been subsidizing usage for both open source and private code "to the tune of 20 trillion tokens." More than 30 open source projects are already participating in Patch the Planet with more in the pipeline to start. To launch the project, Trail of Bits recently conducted a five day opening sprint in which it had 25 engineers, or roughly a fifth of its workforce, simultaneously working on collaborations with an array of maintainers. OpenAI and Trail of Bits say the project has already uncovered hundreds of bugs and produced dozens of patches in just its first week. And Guido says that with funding from OpenAI as well as unmetered model access, Trail of Bits plans to continue its intense commitment to Patch the Planet work long term. "It's so rare that we get the opportunity to work on large scale open source security issues," Guido says. "And Patch the Planet is not a one size fits all. We speak to all the maintainers for every single project and figure out what their highest priorities are, whether it's building better testing infrastructure or custom fuzzers or just cleaning up technical data across the project because that's what's going to make them work faster and operate faster and patch faster." Monday's announcements by OpenAI come as its competitor Anthropic had to pull its new Fable 5 and Mythos 5 models off the market earlier this month amid fear from the Trump administration about AI cybersecurity capabilities. The White House decision to hit OpenAI with export controls on the models came after Anthropic publicly released the Mythos-grade Fable 5 with blocks on its advanced biological and cybersecurity capabilities -- protections the administration feared were not adequate. OpenAI's announcements on Monday, including the new checkpoint of GPT-5.5-Cyber, are all part of the company's limited "Trusted Access for Cyber" program and do not involve a public release. But with both Anthropic and OpenAI preparing for IPOs, competition clearly continues regardless of which products are currently on the market. In its GPT-5.5-Cyber announcement, for example, OpenAI points out that the model scores 85.6 percent on the benchmark assessment known as CyberGym, an improvement from a previous version of GPT-5.5-Cyber. The performance also beats Anthropic's Mythos 5, which scored 83.8 percent. Amid this AI cybersecurity race, the Five Eyes intelligence alliance warned in an unusual joint statement on Monday that "frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months. ... In this environment, cyber resilience is integral."
[3]
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software vulnerabilities," OpenAI said the model can "sustain deeper analysis across large codebases" to identify security issues, validate them in a controlled environment, and develop and test patches. In tandem, the tech upstart is releasing an update to the Codex Security plugin to speed up the process of discovering and patching vulnerabilities in existing systems, alongside preventing new vulnerabilities from entering production codebases. "Developers can run deep scans or review recent changes, generate reports with severity, affected code locations, validation evidence, and remediation guidance, trace attack paths, build threat models, validate findings, and generate codebase-specific patches for review," OpenAI said. On top of that, the plugin can triage and validate existing findings from scanners, advisories, bug-bounty reports, or ticketing systems, and then facilitate patch generation at scale to quickly close a backlog of vulnerabilities. OpenAI is also launching a new initiative called Patch the Planet in partnership with Trail of Bits to help secure open-source projects. Initial participants include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org. These moves come as frontier models from Anthropic and OpenAI are accelerating vulnerability discovery, leaving software maintainers overwhelmed with an ever-increasing volume of bugs that need to be verified, triaged, and patched. While previously the challenge lay in finding vulnerabilities, the bottleneck has now shifted to patching them. AI models come with capabilities to navigate large codebases, reason through attack paths, and flag security issues that might have otherwise stayed hidden. Case in point is a 29-year-old flaw in the Squid web proxy (CVE-2026-47729, aka Squidbleed) that can leak cleartext HTTP requests belonging to other users under certain conditions. Cyber experts have also raised concerns that more advanced AI models are turbocharging bad actors' abilities to take advantage of security vulnerabilities, forcing the industry to plug the holes almost as soon as they are discovered. "Threat actors with limited technical expertise can use publicly available AI models for malicious purposes," the Canadian Centre for Cyber Security said in guidance released in May 2026. "Organizations should assume that AI-driven exploitation may bypass preventative controls, significantly outpace vendors' capacity to publish corrective measures and challenge the organization's ability to deploy." Patch the Planet aims to reduce this undue burden placed on maintainers by letting security engineers review and validate findings, work with projects to develop patches and tests, and help build reusable vulnerability discovery workflows with the goal of improving security even after the initial fixes are released. "With Patch the Planet, we are working with researchers, maintainers, enterprises, and partners to make powerful cyber capability available to defenders with appropriate access, governance, and human oversight," OpenAI said. The AI company also said the Daybreak initiative has already helped surface a number of vulnerabilities across various operating systems and web browsers - * 8 kernel pointer information leak proofs-of-concept (PoCs) and 24 local privilege escalation exploits in the Linux Kernel * A 23-year-old use-after-free in OpenBSD's kernel implementation of System V semaphores * 34 vulnerabilities and 7 local privilege escalation PoCs in FreeBSD * 6 vulnerabilities in dnsmasq (CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, and CVE-2026-5172) * A denial-of-service (DoS) technique called HTTP/2 Bomb impacting major HTTP/2 implementations, including NGINX, Apache, IIS, and Pingora * 5 exploitable vulnerabilities in Google Chrome's V8 JavaScript engine * 10 exploitable Apple Safari vulnerabilities * A WebAssembly vulnerability (CVE-2026-8390) in Mozilla Firefox "Patch the Planet is designed to put that full defensive loop in service of maintainers: discovery, validation, severity review, disclosure, patch development, testing, and deployment," OpenAI said. "Frontier models can make parts of that loop faster, but the aim is to give the people responsible for shared infrastructure better tools and more capacity, while preserving their agency over how changes land." The developments go hand in hand with bad actors misusing AI to compress the time between finding and exploiting a weakness, shrinking the window defenders have to respond. The use of vibe-coded exploits also heralds a new chapter where the technology is not only lowering the barrier to exploit development, but also enabling attackers to cast a wide net across newly disclosed vulnerabilities with lesser effort. Intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. have warned that advanced AI models can speed up the speed, scale, and sophistication of cyber threats, while lowering the barrier for malicious actors and shrinking the window between vulnerability discovery and exploitation ever more quickly. "Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months, the agencies noted. "In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value." "Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy. Those that do not will face growing operational and strategic disadvantage."
[4]
OpenAI rolls out more capable version of its cybersecurity model
Why it matters: Even as Anthropic remains in limbo with the U.S. government, the race to get advanced AI models into the hands of cyber defenders continues to heat up. Driving the news: OpenAI is updating its GPT-5.5-Cyber model -- which is only available to vetted cybersecurity companies and researchers -- so it is both "more permissive and more capable for advanced, authorized cybersecurity work," according to a blog post. * The updated model can perform deeper analysis across large codebases, identify security-relevant components, validate likely vulnerabilities, and develop and test software patches. * OpenAI says the updated GPT-5.5-Cyber achieved an 85.6% score on CyberGym, an internal benchmark that measures whether an AI agent can reproduce known software vulnerabilities in testing environments, compared with 81.8% for GPT-5.5. The big picture: OpenAI is expanding access to its cybersecurity tools at a time when policymakers are paying closer attention to how advanced AI systems are evaluated, tested and deployed. * AI developers face a difficult balancing act: getting powerful cyber capabilities into the hands of legitimate defenders and researchers while limiting opportunities for malicious use. Between the lines: OpenAI is also rolling out a series of new programs and capabilities designed to let vetted cybersecurity companies use its models to help secure customer environments. * The company is launching the OpenAI Daybreak Cyber Partner Program, which allows participating security vendors to use GPT-5.5 with Trusted Access for Cyber in the products and services they provide to customers. * OpenAI is also helping fund Patch the Planet, an initiative founded with Trail of Bits and developed in collaboration with HackerOne and Calif, aimed at helping open-source maintainers manage and remediate vulnerabilities identified with AI-assisted tools. What to watch: OpenAI says it has established partnerships with Australia, Canada, France, Germany, Japan, Poland, the Republic of Korea and EU institutions. * The company also says it is working with critical infrastructure operators and government networks on ways to safely deploy advanced AI cybersecurity capabilities.
[5]
OpenAI expands Daybreak with Patch the Planet and full GPT-5.5-Cyber release
OpenAI expands Daybreak with Patch the Planet and full GPT-5.5-Cyber release OpenAI Group PBC today expanded its Daybreak cybersecurity program with a new open-source patching initiative called Patch the Planet, an updated Codex Security plugin, a partner program and the full release of its most capable defensive model, GPT-5.5-Cyber. The push marks a shift in how OpenAI talks about AI and security. The company says its models now find vulnerabilities faster than defenders can fix them, leaving security teams buried in reports. The new bottleneck, OpenAI says, is patching. Patch the Planet is the centerpiece. Founded with security firm Trail of Bits Inc. and in collaboration with HackerOne Inc. and Calif, the initiative funds expert researchers and equips them with Codex Security and OpenAI's models to work directly with the maintainers of widely used open-source projects. More than 30 projects have committed to taking part, with early participants including cURL, the Go project, Python, Sigstore and pyca/cryptography. The pitch rests on how thinly stretched open source is. OpenAI cited research from the Linux Foundation and Harvard finding that 94% of the widely used projects studied had fewer than 10 developers responsible for more than 90% of the code added in a year. Throw more AI-generated bug reports at teams that small and the result is a bigger backlog, not better security. To avoid that, OpenAI said a human security engineer reviews every Patch the Planet finding before it reaches a maintainer. An initial five-day sprint surfaced hundreds of issues and merged dozens of patches, OpenAI said, along with reusable fuzzing and testing tooling that projects can keep using. Trail of Bits put its entire security research organization on the effort and worked across 19 projects, according to OpenAI. OpenAI also disclosed findings from the wider Daybreak work. Its models turned up a 23-year-old use-after-free flaw in OpenBSD's kernel. On dnsmasq, Codex flagged patterns matching four of six dnsmasq vulnerabilities that were later assigned CVE numbers and fixed. The browser results were sharper. In Chrome, OpenAI researchers reported five exploitable bugs in the V8 JavaScript engine. WebKit work on Safari turned up more than 10. The Firefox case had better timing. Mozilla patched a WebAssembly flaw, found with GPT-5.5, just two days before Pwn2Own Berlin. Five of the six Firefox entries registered for the contest then withdrew. The full version of GPT-5.5-Cyber also went live, replacing a permissive-only preview. OpenAI put its CyberGym score at 85.6%, up from 81.8% for the standard GPT-5.5. The benchmark tests whether an agent can reproduce known vulnerabilities. Access stays restricted to vetted defenders through the company's Trusted Access for Cyber program. Rounding out the expansion is the Daybreak Cyber Partner Program. It lets security vendors and integrators wire GPT-5.5 with Trusted Access into the products they sell. Launch partners include Accenture plc, Cisco Systems Inc., CrowdStrike Holdings Inc., IBM Corp., Okta Inc., Palo Alto Networks Inc. and Wiz Inc. The timing is notable. Rival Anthropic PBC has seen its own cyber-capable models sidelined, leaving OpenAI room to press its case. The company said it is continuing to work with the U.S. government on pre-deployment testing and has signed Trusted Access partnerships with Australia, Canada, France, Germany, Japan, South Korea and European Union institutions over the past month. Codex Security has scanned more than 30 million commits across more than 30,000 codebases since its research preview launched in March, OpenAI said, with human reviewers marking more than 70,000 findings as fixed.
[6]
Taking on Mythos: OpenAI rolls out cyberdefence model Daybreak to speed up software security fixes
OpenAI has introduced Daybreak, a cybersecurity initiative focused on software vulnerability detection and remediation. The programme includes Codex Security, GPT-5.5-Cyber, Patch the Planet, and the Daybreak Cyber Partner Program. According to the company, the initiative is intended to support cybersecurity teams, open-source software maintainers and industry partners in addressing software security issues. OpenAI has introduced Daybreak, a new cybersecurity effort aimed at helping organisations find and fix software security flaws faster. The company said the initiative focuses on speeding up the process of patching vulnerabilities, which it believes have become the biggest challenge in cybersecurity today. According to the company, the focus no longer remains on discovering flaws, but rather, on fixing them before they can be exploited by an attacker. As artificial intelligence (AI) becomes better at finding bugs in software, security teams are being flooded with vulnerability reports. As part of Daybreak, OpenAI has also updated its Codex Security tool. The tool can scan software code, identify possible vulnerabilities, understand how attackers could exploit them, generate patches and help developers validate fixes. Codex Security has already scanned more than 30,000 code repositories and over 30 million code commits. It has also helped identify more than 500,000 fixed security findings. Aside from the Codex Security tool, OpenAI has also released the full version of GPT-5.5-Cyber, an AI model specifically curated for cybersecurity work. This model analyses large codebases, investigates vulnerabilities, tests fixes, and supports security researchers. Access to this model remains limited to trusted and verified cybersecurity professionals. A major part of this effort is "Patch the Planet," a programme launched with security partners, including Trail of Bits and HackerOne. The programme is meant to help maintainers of widely used open-source software to move from 'findings to fixes.' More than 30 open-source projects, including Python, Go, cURL and Sigstore, have agreed to take part. Alongside these efforts, the company has also unveiled the Daybreak Cyber Partner Program, which lets the cybersecurity firms integrate its defensive AI models into their products and services. The company says it is working with industry partners and governments to improve cyber defence capabilities.
[7]
OpenAI expands Daybreak with Codex Security, GPT-5.5-Cyber and Patch the Planet initiative
OpenAI has expanded its Daybreak cybersecurity initiative to help organizations identify and patch vulnerable software faster using AI. The company says its models have already discovered and generated patches for critical vulnerabilities affecting major web browsers, network infrastructure, and operating systems, including FreeBSD and the Linux kernel. The expansion introduces an updated Codex Security plugin, the full version of GPT-5.5-Cyber, the Daybreak Cyber Partner Program, and Patch the Planet. AI shifts focus from finding flaws to fixing them OpenAI says AI has accelerated vulnerability discovery, making remediation the new challenge for security teams. While AI can analyze large codebases, trace attack paths, and uncover vulnerabilities more efficiently, organizations still need to validate findings, assess risk, test patches, coordinate disclosure, and deploy fixes. According to the company, Daybreak combines OpenAI's AI models, Trusted Access for Cyber, Codex Security workflows, and ecosystem partners to help approved defenders validate vulnerabilities, prioritize risk, generate and test fixes, and integrate remediation into existing development and security workflows with governance and human oversight. Codex Security update OpenAI has updated the Codex Security plugin based on internal deployments and customer feedback. The company says the plugin is designed to accelerate vulnerability remediation while helping prevent new vulnerabilities from reaching production. Key capabilities include: * Deep security scans across codebases or recent code changes. * Threat model creation, reachability analysis, and attack path tracing. * Validation evidence, remediation guidance, and code-specific patch generation. * Triage of findings from scanners, advisories, bug bounty reports, and ticketing systems. * Export through SARIF, CodeQL, Codex CLI, the Codex app, and existing vulnerability management platforms. Since entering research preview in March, Codex Security Cloud has scanned more than 30 million commits across 30,000+ codebases. Human reviewers have confirmed more than 70,000 findings as fixed, while the platform has automatically verified over 500,000 additional fixes. OpenAI says developers remain responsible for deciding which findings to investigate and which patches to deploy. GPT-5.5-Cyber OpenAI has also released the full version of GPT-5.5-Cyber through its limited Trusted Access for Cyber program. Following an earlier permissive-only preview, the model is designed for advanced, authorized cybersecurity work while retaining GPT-5.5's general reasoning capabilities. According to OpenAI, GPT-5.5-Cyber can analyze repositories, identify security-sensitive components, determine whether vulnerable code is reachable, validate findings, develop and test patches, and prepare evidence for human review. The company reported the following benchmark results: * CyberGym: 85.6% (vs. 81.8% for GPT-5.5) * ExploitGym: 39.5% (vs. 25.95%) * SEC-bench Pro: 69.8% (vs. 63.1%) OpenAI says the CyberGym score is its highest recorded for a single model. The company is also evaluating GPT-5.5-Cyber on real-world remediation workflows and says GPT-5.5 together with Codex Security has already helped identify and validate vulnerabilities in Firefox, V8, Safari, OpenBSD, FreeBSD, and HTTP/2 implementations. GPT-5.5 remains the recommended starting point for most defensive security workflows, while GPT-5.5-Cyber is intended for verified defenders requiring more advanced capabilities. Daybreak Cyber Partner Program OpenAI has launched the Daybreak Cyber Partner Program to extend its cybersecurity capabilities through security software vendors and service providers. Participating partners can integrate GPT-5.5 with Trusted Access for Cyber into their products and services, allowing customers to use AI-powered defensive capabilities while direct model access remains with trusted partners. OpenAI says it will continue working with partners to strengthen safeguards, monitoring, and abuse-prevention standards as the program expands. Patch the Planet OpenAI has also introduced Patch the Planet, an initiative founded with Trail of Bits in collaboration with HackerOne and Calif to help widely used open-source projects move from vulnerability findings to verified fixes. More than 30 open-source projects have committed to participate, including cURL, Go, Python, Sigstore, and pyca/cryptography. The initiative brings together researchers, maintainers, enterprises, and partners to support remediation through governance and human oversight. Citing research from the Linux Foundation and Harvard University, OpenAI says 94% of widely used open-source projects have fewer than 10 developers responsible for more than 90% of the code added in a year, making it difficult to manage the growing volume of AI-assisted vulnerability reports. Researchers work with maintainers to define project priorities and disclosure processes before validating and deduplicating findings, developing and testing patches, and coordinating remediation. Participating projects receive: * ChatGPT Pro * Conditional access to Codex Security * API credits for development, maintainer automation, and release workflows OpenAI says an initial five-day sprint surfaced hundreds of issues for review, merged dozens of patches, and produced reusable fuzzing, variant analysis, differential testing, and specification-based testing workflows. Government collaboration OpenAI says it continues to work with governments and institutions to strengthen defensive cybersecurity capabilities. The company has collaborated with the U.S. government, including the Center for AI Standards and Innovation (CAISI), the Office of the National Cyber Director (ONCD), and the Office of Science and Technology Policy (OSTP), on GPT-5.5 and GPT-5.5-Cyber testing, implementation of the recent Executive Order, and related industry standards. Trusted Access for Cyber partnerships have also been established with Australia, Canada, France, Germany, Japan, the Republic of Korea, and European Union institutions including ENISA, alongside ongoing collaboration with the UK government. OpenAI says it plans to develop safeguards for government networks and other critical infrastructure operators while working with enterprise customers and trusted partners to incorporate system-specific context and identifiers into its cybersecurity safeguards. Availability OpenAI says organizations can use Daybreak to identify, validate, prioritize, and remediate software vulnerabilities across the software they build and operate. Developers and maintainers can use Codex Security on code they own, while security partners can integrate GPT-5.5 with Trusted Access for Cyber into their products and services through the Daybreak Cyber Partner Program. GPT-5.5-Cyber continues to be available through OpenAI's limited Trusted Access for Cyber program for verified defenders requiring its most advanced cybersecurity capabilities.
[8]
What is OpenAI Daybreak: GPT-5.5-Cyber, Codex Security, and Patch the Planet explained
There have been detection problems in the area of cybersecurity all along. Alert generation overwhelms the security teams, vulnerability discovery occurs much faster than vulnerability fixing, and that is where attacks occur. The Daybreak project of OpenAI, which has been significantly expanded this week, is founded on the following basic premise: bug discovery has never been the issue. The problem is how to fix them. Daybreak is an effort by OpenAI to leverage frontier artificial intelligence throughout the whole process of remediation - from alert generation through validation of alerts to patch generation and deployment. This is how each of the three major components works. Also read: Sakana AI's Fugu: This Japanese AI claims to match Anthropic's Fable 5 and Mythos Preview Codex Security Daybreak makes use of Codex Security as its engine. Codex Security generates a threat model for that specific codebase, identifies realistic attack vectors, tests for vulnerabilities in controlled environments, and suggests remedies after human analysis. The crucial difference between it and the usual scanning software is the fact that it doesn't provide an array of findings but focuses on the ones that can be exploited, giving engineers data instead of making assumptions. Companies interested in the Daybreak service provided by OpenAI can request a vulnerability scan of their codebase by Codex Security. The costs are unknown. GPT-5.5-Cyber There are three levels of access available through Daybreak for the OpenAI models. There is Standard GPT-5.5 for general use. GPT-5.5 with Trusted Access for Cyber is the key model for verification in defensive tasks in authorized environments. GPT-5.5-Cyber is the least restrictive level of access, limited to verified entities, and is used for red team exercises, penetration tests, and vulnerability testing. Also read: The Mac Mini is the best on-device AI computer you can buy: Here's why The newly released GPT-5.5-Cyber model has an accuracy rate of 85.6 percent on OpenAI's internal CyberGym test, compared to 81.8 percent previously, and can perform deeper analyses in large repositories of code. This new model has already detected vulnerabilities in Firefox, V8, Safari, and HTTP/2 implementations. Patch the Planet The third is Patch the Planet, which is an effort co-launched with Trail of Bits through partnership with HackerOne that helps open source projects progress from findings to fixings. More than 30 projects are signed up for this program, such as cURL, Go, Python, Sigstore, and pyca/cryptography. This program is bringing researchers, maintainers, and enterprises together into a shared governance model with human oversight and auditing. The Partner Program Lying beneath all of that is the Daybreak Cyber Partner Program, through which 28 security partners - ranging from Cisco to CrowdStrike, Cloudflare, Palo Alto Networks, Wiz, and SentinelOne - can tie GPT-5.5 into Trusted Access for Cyber within their own offerings. The end user gets the benefit without having to have direct access to the model. As OpenAI is positioning Daybreak, it's not about scanning using AI but partnering in the process of remediation. The question is whether it closes the validation gap.
[9]
OpenAI updates GPT 5.5 Cyber AI model, claims it outperforms Mythos 5 on important benchmark
OpenAI has announced it is releasing the full version of GPT 5.5 Cyber, its AI model designed for cybersecurity work. According to the company, the new version is "more permissive" and "more capable for advanced, authorised cybersecurity work." The updated GPT 5.5 Cyber can do much more than identify software vulnerabilities. It can analyse large codebases, find security related components, check if vulnerable code is reachable and test possible fixes. GPT 5.5 Cyber is said to be OpenAI's strongest model yet for finding and helping patch software vulnerabilities. It also retains GPT 5.5's general-purpose intelligence and ability to work across long, complex tasks, according to the company. Also read: Nothing Phone 4b in the works? Company hints at new lineup, here is what we know The company shared benchmark results showing improvements over the standard GPT 5.5 model. On CyberGym, a benchmark that measures whether an AI agent can reproduce known software vulnerabilities, GPT 5.5 Cyber scored 85.6 per cent. GPT 5.5 scored 81.8 per cent on the same test. The new model even outperformed Anthropic's Mythos 5 on the CyberGym benchmark, according to the comparison shared by OpenAI. On ExploitGym, which measures whether an AI can turn known vulnerabilities into working exploits that achieve unauthorised code execution, GPT 5.5 Cyber achieved 39.5 per cent. For comparison, GPT 5.5 scored 25.95 per cent. Also read: Got GTA 6 beta invitation? It can be a scam designed to steal your information OpenAI said benchmark scores are only one part of the story. "What matters in practice is whether a model can find real vulnerabilities, distinguish actionable issues from noise, and help defenders land fixes safely. We are continuing to evaluate the model's performance on complex repositories and real remediation workflows as coordinated disclosures conclude," the company added. The company also said it has been working closely with the US government on cybersecurity and AI safety. This includes collaboration with the Center for AI Standards and Innovation (CAISI), the Office of the National Cyber Director (ONCD), and the Office of Science and Technology Policy (OSTP). According to OpenAI, GPT 5.5 Cyber is intended for verified defenders who need advanced cybersecurity capabilities. For most users, the company recommends GPT 5.5 with Trusted Access.
Share
Copy Link
OpenAI unveiled Patch the Planet, a major initiative partnering with Trail of Bits to help open-source maintainers find and patch vulnerabilities using AI-driven cybersecurity tools. The effort addresses a critical bottleneck as AI models now discover bugs faster than defenders can fix them, leaving security teams overwhelmed with reports.
OpenAI announced a sweeping expansion of its cybersecurity efforts on Monday, unveiling Patch the Planet—an initiative designed to help open-source maintainers manage the growing flood of open-source vulnerabilities that AI tools are now uncovering at unprecedented speed
1
. Founded with security firm Trail of Bits and developed in collaboration with HackerOne and Calif, the program aims to patch open-source bugs before they become critical threats to the broader software ecosystem2
.
Source: Wired
The timing reflects a fundamental shift in the cybersecurity landscape. While finding vulnerabilities was once the primary challenge, the bottleneck has now moved to vulnerability patching itself
3
. AI models can navigate large codebases and flag security issues faster than human teams can validate and fix them, creating an overwhelming backlog for already resource-strapped open-source maintainers.Patch the Planet offers free security consulting services to open-source projects, with Trail of Bits engineers functioning as code EMTs who review findings before they reach maintainers [1](https://techcrunch.com/2026/06/22/openai-l aunches-new-initiative-to-help-find-and-patch-open-source-bugs/). The initiative uses Codex Security and OpenAI's models to conduct codebase analysis, validate potential reports, create patches, and build reusable workflows that help teams continue improving security after initial fixes land
2
.
Source: SiliconANGLE
More than 30 open-source projects are already participating, including cURL, Python, the Go project, Sigstore, and pyca/cryptography
3
. During an initial five-day sprint, Trail of Bits deployed 25 engineers—roughly a fifth of its workforce—simultaneously working on collaborations with maintainers, uncovering hundreds of bugs and producing dozens of patches in just the first week2
."Patch the Planet is an internet-scale effort to help open source software get ahead of AI bug hunting tools," says Trail of Bits CEO Dan Guido
2
. OpenAI has been subsidizing usage of Codex Security "to the tune of 20 trillion tokens" for both open-source and private code2
.Alongside Patch the Planet, OpenAI released the full version of GPT-5.5-Cyber, its most capable model for finding and helping patch software vulnerabilities
3
. The updated model achieved an 85.6% score on the CyberGym benchmark, which measures whether an AI agent can reproduce known vulnerabilities in testing environments—an improvement from 81.8% for standard GPT-5.5 and beating Anthropic's Mythos 5, which scored 83.8%2
.
Source: Digit
The model can sustain deeper analysis across large codebases to identify security issues, validate them in controlled environments, and develop and test patches
3
. Access remains restricted to vetted security defenders through OpenAI's Trusted Access for Cyber program5
.Related Stories
The broader Daybreak initiative has already surfaced significant vulnerabilities across operating systems and web browsers. Findings include 8 kernel pointer information leak proofs-of-concept and 24 local privilege escalation exploits in the Linux Kernel, a 23-year-old use-after-free flaw in OpenBSD's kernel, and 34 vulnerabilities with 7 local privilege escalation PoCs in FreeBSD
3
.Browser security work proved particularly productive. Researchers reported 5 exploitable vulnerabilities in Google Chrome's V8 JavaScript engine and more than 10 exploitable Apple Safari vulnerabilities
5
. Mozilla patched a WebAssembly vulnerability (CVE-2026-8390) in Firefox just two days before Pwn2Own Berlin, after which five of six Firefox entries registered for the contest withdrew5
.The initiative addresses mounting concerns about AI-generated bug reports overwhelming maintainers. Research from the Linux Foundation and Harvard found that 94% of widely used projects had fewer than 10 developers responsible for more than 90% of code added annually
5
. Many maintainers struggle to sort through AI-generated slop reports that make backlogs feel insurmountable2
.OpenAI is also launching the Daybreak Cyber Partner Program, allowing vetted security vendors to integrate GPT-5.5 with Trusted Access for Cyber into their products and services
4
. Launch partners include Accenture, Cisco, CrowdStrike, IBM, Okta, Palo Alto Networks, and Wiz5
.Since its research preview launched in March, Codex Security has scanned more than 30 million commits across more than 30,000 codebases, with human reviewers marking more than 70,000 findings as fixed
5
. OpenAI has established Trusted Access partnerships with Australia, Canada, France, Germany, Japan, South Korea, Poland, and EU institutions3
4
. The announcements come as Anthropic faces regulatory challenges, with its Mythos 5 and Fable 5 models pulled from the market amid Trump administration concerns about AI cybersecurity capabilities2
.Summarized by
Navi
[2]
12 May 2026•Technology

11 Dec 2025•Policy and Regulation

06 Mar 2026•Technology

1
Technology

2
Business and Economy

3
Technology
