OpenAI’s latest cybersecurity AI found a use-after-free vulnerability that had been hiding in OpenBSD’s kernel for 23 years. On June 22, the company expanded its Daybreak security platform with three new tools: a full release of GPT-5.5-Cyber, a new Codex Security plugin, and Patch the Planet — an initiative to automate vulnerability discovery across critical open-source projects.

OpenAI announced the full expansion of its Daybreak security platform on June 22, publishing details on three new components: GPT-5.5-Cyber, Codex Security, and Patch the Planet. The rollout deepens the company’s push into defensive AI — a bet that AI’s most commercially significant use in security won’t be attacking systems but repairing them at a scale humans can’t match.
The flagship product here is GPT-5.5-Cyber, which scored 85.6% on the CyberGym benchmark — the industry’s standard test for automated vulnerability reproduction — compared with 81.8% for the base GPT-5.5. On ExploitGym, which tests exploitation capability in a sandboxed environment, it reached 39.5% versus 25.95% for the standard model. Both numbers are the new state-of-the-art on their respective benchmarks.
The 23-Year-Old Bug That Wasn’t Supposed to Survive This Long
The case that made OpenAI’s announcement land hard wasn’t a benchmark number — it was a specific bug. During an initial five-day sprint on open-source codebases, GPT-5.5-Cyber surfaced a use-after-free memory flaw in OpenBSD’s kernel that had gone undetected for 23 years. On dnsmasq, Codex Security flagged patterns that matched four of six vulnerabilities that were later assigned CVE numbers and formally patched.
Those aren’t cherry-picked demos. The sprint produced hundreds of reported issues and dozens of merged patches, plus reusable fuzzing tooling that participating projects can run independently going forward. The implication is uncomfortable for anyone managing legacy codebases: this class of bug doesn’t need a nation-state to find it anymore.
What GPT-5.5-Cyber Can Actually Do
Codex Security is the product most developers will encounter. It integrates into existing Codex workflows and can scan an entire codebase, a selected folder, or a specific commit set. It produces reports with severity ratings, affected code locations, validated evidence, and remediation guidance. It can also trace attack paths and build threat models — tasks that currently take a senior security engineer several hours.
The model has one significant constraint: access to the full GPT-5.5-Cyber remains restricted to vetted defenders through OpenAI’s Trusted Access for Cyber program. That program reduces automated safety refusals for legitimate defensive tasks — code review, vulnerability triage, malware analysis, red teaming — while blocking credential theft, stealth, persistence, and malware deployment.
That restriction is meaningfully different from giving a capable AI model to anyone who asks.
Who Gets Access — and What the Gatekeeping Is For
The partner program at launch includes Accenture, Akamai, Cisco, CrowdStrike, IBM, Okta, Palo Alto Networks, and Wiz. Those companies can embed GPT-5.5 with Trusted Access in the security products they sell to customers — meaning the model’s defensive capabilities reach enterprises without those enterprises having direct API access.
This two-tier structure is deliberate. OpenAI is not distributing a highly capable offensive AI model broadly. Partners with established track records in responsible disclosure and enterprise security get access. Everyone else gets Codex Security, which is powerful for code review but doesn’t unlock the full evaluation capabilities of GPT-5.5-Cyber.
The approach borrows from how OpenAI has handled other sensitive capabilities: restricted access with a path to broader rollout as the safety track record builds. Anthropic faced significant pushback from security researchers when Claude Fable 5 shipped with guardrails that blocked legitimate offensive security research. OpenAI’s model here is more permissive for vetted defenders — but that vetting still creates a significant barrier.
Patch the Planet: The Bigger Bet
The most ambitious piece of the announcement isn’t a model — it’s an initiative. Patch the Planet, co-founded with Trail of Bits and running in collaboration with HackerOne, funds security researchers to work directly with maintainers of critical open-source projects. Over 30 projects have committed, including cURL, Go, Python, Sigstore, and pyca/cryptography.
Every finding gets reviewed by a human security engineer before it reaches a maintainer. That review layer matters: automated vulnerability scanners have historically produced enough false positives that maintainers deprioritize or distrust them entirely. If OpenAI can sustain a high signal-to-noise ratio here, it could shift how open-source security research works structurally.
The governance question isn’t resolved: who decides what gets disclosed, when, and to whom? OpenAI hasn’t published a formal disclosure policy for Patch the Planet findings. That gap will matter more as the initiative scales.
Frequently Asked Questions
What is OpenAI GPT-5.5-Cyber?
GPT-5.5-Cyber is OpenAI’s specialized AI model for cybersecurity defense. It scored 85.6% on the CyberGym benchmark for vulnerability reproduction, compared with 81.8% for the base GPT-5.5 model. Access is restricted to vetted security organizations through OpenAI’s Trusted Access for Cyber program.
What is Patch the Planet?
Patch the Planet is an OpenAI initiative co-founded with security firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source projects. Over 30 projects have committed to participate, including cURL, Python, and Go. A human security engineer reviews all findings before they reach maintainers.
What is the Daybreak platform?
Daybreak is OpenAI’s cybersecurity initiative, first launched in May 2026. It provides AI-powered tools for defenders, including GPT-5.5-Cyber for vulnerability analysis, Codex Security for code scanning, and the Patch the Planet initiative for open-source project hardening.
Who can access GPT-5.5-Cyber?
Access to the full GPT-5.5-Cyber model is restricted to vetted organizations through OpenAI’s Trusted Access for Cyber program. Enterprise customers of launch partners — including Accenture, Cisco, CrowdStrike, and IBM — can access the model’s capabilities through their security products. Direct API access requires formal vetting.
How does GPT-5.5-Cyber compare to standard AI models for security?
GPT-5.5-Cyber outperforms the base GPT-5.5 on all security benchmarks: 85.6% vs 81.8% on CyberGym, 39.5% vs 25.95% on ExploitGym, and 69.8% vs 63.1% on SEC-bench Pro. It can sustain deeper analysis across large codebases than general-purpose models, making it significantly more effective for vulnerability discovery and code review at scale.
The Patch the Planet sprint results — hundreds of issues found, dozens of patches merged, one 23-year-old kernel bug exposed — are the most concrete evidence yet that AI-driven vulnerability research can deliver at scale. OpenAI’s challenge now is operationalizing that signal across the internet’s critical infrastructure without creating the AI-powered attack tooling it’s trying to prevent.
For developers maintaining production systems, Codex Security is available now through AI coding workflows. The higher-capability GPT-5.5-Cyber will reach you through your security vendor before it reaches you directly.
Last Updated: June 2026

