OpenAI Extends Daybreak with GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it is releasing an improved version of its GPT-5.5‑Cyber model to trusted defenders as part of the Daybreak program the Artificial Intelligence (AI) company announced last month.
Calling GPT-5.5‑Cyber “its most powerful model yet for detecting and helping to close software vulnerabilities,” OpenAI said the model can “support deep analysis across all major infrastructure” to identify security issues, verify them in a controlled environment, and develop and test patches.
In parallel, the tech upstart is releasing an update to the Codex Security plugin to speed up the process of finding and patching vulnerabilities in existing systems, in addition to preventing new vulnerabilities from entering production code bases.
“Developers can run deep scans or review recent changes, generate reports on severity, affected code areas, verification evidence, and remediation guidelines, track attack methods, build threat models, validate findings, and generate codebase-specific patches for review,” OpenAI said.
In addition, the plugin can analyze and validate existing findings from scans, advisories, bug bounty reports, or ticketing systems, and perform patch production at scale to quickly close the vulnerability backlog.
OpenAI is also launching a new program called Patch the Planet in partnership with Trail of Bits to help protect open source projects. Early contributors include cURL, NATS server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org.
The moves come as frontier models from Anthropic and OpenAI accelerate vulnerability discovery, leaving software maintainers overwhelmed by an ever-growing volume of bugs that need to be verified, filtered, and patched. Where the challenge was previously detecting risk, the bottleneck has now shifted to remediation.
AI models can navigate large codebases, reason about attack methods, and flag security issues that might otherwise remain hidden. A case in point is a 29-year-old flaw in the Squid web proxy (CVE-2026-47729, aka Squidbleed) that can leak transparent HTTP requests belonging to other users under certain circumstances.
Cyber experts have also raised concerns that more advanced AI models are improving the abilities of bad actors to exploit security vulnerabilities, forcing the industry to close holes as soon as they are discovered.
“Threat actors with limited technical expertise can use publicly available AI models for malicious purposes,” said the Canadian Centre for Cyber Security in a directive issued in May 2026. “Organizations should consider that AI-driven exploitation may bypass preventive controls, greatly exceed the ability of vendors to publish corrective measures and challenge the organization’s ability to implement.”

Patch the Planet aims to reduce this unnecessary burden placed on maintainers by allowing security engineers to review and validate findings, work with projects to develop patches and tests, and help create reusable vulnerability discovery workflows with the goal of improving security even after the initial fix is released.
“Through Patch the Planet, we are working with researchers, administrators, businesses, and partners to make powerful cyber capabilities available to defenders with appropriate access, governance, and human oversight,” OpenAI said.
The AI firm also said that the Daybreak program has helped it uncover numerous vulnerabilities across apps and web browsers:
- 8 kernel pointer information leak proofs-of-concept (PoCs) and 24 for privilege escalation in the Linux kernel
- A 23-year-old use-after-free in the OpenBSD kernel’s implementation of System V semaphores
- 34 vulnerabilities and 7 privilege escalation PoCs in FreeBSD
- 6 vulnerabilities in dnsmasq (CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, and CVE-2026-5172)
- A denial-of-service (DoS) technique called the HTTP/2 Bomb that affects many HTTP/2 implementations, including NGINX, Apache, IIS, and Pingora
- 5 exploitable vulnerabilities in Google Chrome’s V8 JavaScript engine
- 10 exploitable Apple Safari vulnerabilities
- A WebAssembly vulnerability (CVE-2026-8390) in Mozilla Firefox
“Patch the Planet is designed to put that full defense loop at the service of maintainers: discovery, verification, stability review, disclosure, patch development, testing, and deployment,” OpenAI said. “Previous models can make parts of that loop faster, but the goal is to give the people responsible for shared infrastructure better tools and more capacity, while maintaining their agency over how the world changes.”
The development comes as bad actors abuse AI to compress the time between finding and exploiting a weakness, leaving defenders a smaller window to respond. The use of vibe-coded actions also heralds a new chapter in which the technology not only lowers the barrier to funding development, but also allows attackers to cast a wider net over newly exposed vulnerabilities with less effort.
Intelligence agencies from Australia, Canada, New Zealand, the UK, and the US have warned that advanced AI models can accelerate the speed, scale, and complexity of cyber threats, while lowering the barrier for malicious actors and rapidly shrinking the window between vulnerability discovery and exploitation.
“Frontier AI models are expected to exceed current industry expectations, fundamentally changing both offensive and defensive cyber capabilities. The timeline is not years, it’s months,” the agencies noted. “In this area, cyber resilience is part of improving business continuity, market confidence, and long-term value.”
“Success will come from getting the basics right, acting quickly, and integrating cybersecurity into a core business strategy. Those who don’t will face growing operational and strategic deficiencies.”



