OpenAI Expands Daybreak Initiative with GPT-5.5-Cyber and Patch the Planet to Address AI-Accelerated Vulnerability Discovery

OpenAI has significantly expanded its Daybreak cybersecurity initiative, launching an improved GPT-5.5-Cyber model and enhanced Codex Security plugin to help defend against AI-accelerated vulnerability discovery. The company released the full version of GPT-5.5-Cyber through limited access to trusted defenders, achieving state-of-the-art performance on security benchmarks. The updated Codex Security plugin enables developers to conduct deep scans, generate vulnerability reports with severity assessments, validate findings, and automatically generate codebase-specific patches at scale.

Facing a fundamental shift in cybersecurity dynamics, OpenAI has established the Patch the Planet initiative in partnership with Trail of Bits, along with vulnerability management firms HackerOne and Calif. The initiative aims to address the widening gap between vulnerability discovery and patching capacity. While AI models can now efficiently identify security flaws across large codebases—a task that previously required specialized expertise—open-source maintainers, typically volunteers with limited resources, face overwhelming backlogs of vulnerability reports. In its opening week, Patch the Planet uncovered hundreds of bugs and produced dozens of patches after Trail of Bits deployed roughly one-fifth of its workforce in a coordinated five-day sprint.

More than 30 open-source projects have committed to participating in Patch the Planet, including cURL, Go, Python, Sigstore, pyca/cryptography, NATS Server, aiohttp, and freenginx. The initiative provides free security consulting, code base assessments, vulnerability validation, and patch creation support to strengthen participating projects' long-term resilience. OpenAI has also subsidized Codex Security usage to the tune of 20 trillion tokens for both open-source and private code development.

The Daybreak initiative has already surfaced critical vulnerabilities across major systems, including eight kernel pointer information leaks and 24 local privilege escalation exploits in the Linux Kernel, a 23-year-old use-after-free vulnerability in OpenBSD's semaphore implementation, 34 vulnerabilities in FreeBSD, and six vulnerabilities in dnsmasq. OpenAI has also identified infrastructure-level threats such as the HTTP/2 Bomb denial-of-service technique affecting major HTTP/2 implementations. Since launching Codex Security in March 2026, the platform has scanned over 30 million commits across more than 30,000 codebases, with human reviewers marking over 70,000 findings as fixed.

OpenAI's expanded Daybreak initiative reflects recognition that frontier AI models have fundamentally changed cybersecurity dynamics by dramatically accelerating vulnerability discovery. The company established the Daybreak Cyber Partner Program to enable security partners to scale capabilities to more organizations through trusted access to its most advanced models. According to OpenAI leadership, the goal is to democratize defensive AI capabilities—ensuring that defenders everywhere have access to tools needed to patch vulnerabilities before attackers can exploit them. This positions the initiative as a response to concerns raised by security experts, including the Canadian Centre for Cyber Security, warning that threat actors with limited technical expertise can now use publicly available AI models for malicious purposes, potentially outpacing vendors' capacity to publish corrective measures.