OpenAI has released its GPT-5.5-Cyber model, a specialized cybersecurity tool that outperforms Anthropic's Mythos on key benchmarks. The model is part of the Daybreak initiative, which aims to automate the process of identifying and resolving software vulnerabilities. OpenAI claims that GPT-5.5-Cyber achieves the highest performance in cybersecurity tasks, including reproducing known flaws and generating patches. The model is now available after its preview phase and is designed to work alongside the updated Codex Security plugin, which automates the full workflow from vulnerability discovery to patch generation. OpenAI also announced a partner program with over 25 security firms and several governments to enhance its cybersecurity capabilities. The company is expanding its collaboration with governments and plans to work with critical infrastructure operators in the U.S. as part of an executive order on AI security. The Daybreak initiative includes an open-source patching project, Patch the Planet, which has attracted over 30 open-source projects to improve software security. Security researchers are working with maintainers to validate and deduplicate flaws and patches before they are merged into codebases. A recent five-day sprint identified hundreds of issues and led to dozens of merged patches, according to OpenAI.

The Codex Security plugin, which was initially released as a research preview in March, has scanned over 30 million commits across more than 30,000 codebases. It has automatically flagged over 500,000 findings as fixed and had 70,000 manually confirmed by human reviewers. The updated plugin includes deep codebase scans, attack path analysis, and export capabilities to existing vulnerability management systems through SARIF files or CodeQL queries. It can also triage findings from other scanners or bug bounty reports and automate patch generation in batch mode. While humans still sign off on every change, the plugin is designed to act like a security engineer working alongside developers. OpenAI emphasized that the GPT-5.5-Cyber model is more permissive than standard models and refuses fewer requests, but access is restricted to verified defenders with monitoring and guardrails in place. Most users are advised to use GPT-5.5 with Trusted Access for Cyber and the Codex Security plugin for optimal results.

OpenAI has partnered with over 25 security firms and several governments to advance its cybersecurity capabilities. Partners include Cisco, CrowdStrike, Cloudflare, Palo Alto Networks, IBM, Fortinet, Wiz, SentinelOne, Darktrace, Palantir, Accenture, PwC, and KPMG. The company is also expanding its government work, with Trusted Access partnerships in Australia, Canada, France, Germany, Japan, South Korea, the EU agency ENISA, and the UK. In the U.S., OpenAI is working to implement a recently issued executive order on AI security and plans to collaborate directly with critical infrastructure operators. The company also launched the Patch the Planet initiative with Trail of Bits, HackerOne, and Calif to bring patching tools to open-source software. Over 30 open-source projects have signed on, including cURL, Go, Python, Sigstore, and pyca/cryptography. Security researchers work with maintainers to validate and deduplicate flaws and patches before they are merged into codebases. A first five-day sprint identified hundreds of issues and led to dozens of merged patches, according to OpenAI.

Source: thedecoder