OpenAI on Monday said it is releasing an improved GPT-5.5-Cyber model to trusted defenders as part of its Daybreak initiative, saying the system can analyze large codebases, validate issues in controlled settings and help develop patches for software vulnerabilities.
KEY FACTS
- Model update GPT-5.5-Cyber is being expanded for defenders focused on finding and fixing bugs.
- Security plugin An update to the Codex Security plugin is aimed at speeding up scans, triage and patch generation.
- Open source push The new Patch the Planet effort will work with Trail of Bits on shared infrastructure projects.
- Reported findings Daybreak has already surfaced issues in Linux, OpenBSD, FreeBSD, Chrome, Safari and Firefox.
In a company disclosure, the model was described as its strongest yet for finding and helping patch software vulnerabilities. The disclosure said it can sustain deeper analysis across large codebases and support validation in controlled environments.
The update to the Codex Security plugin is intended to help developers run deep scans, review recent code changes and generate reports with severity, affected locations, validation evidence and remediation guidance. It can also triage findings from scanners, advisories, bug bounty reports and ticketing systems.
OpenAI is also launching Patch the Planet with Trail of Bits to help secure open-source projects. Initial participants include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python and python.org.
The disclosure said Daybreak has already helped surface vulnerabilities across operating systems and browsers, including kernel information leaks and local privilege escalation exploits in Linux, a use-after-free in OpenBSD, and multiple issues in FreeBSD, dnsmasq, Chrome, Safari and Firefox. It also cited an HTTP/2 denial-of-service technique affecting major implementations such as NGINX, Apache, IIS and Pingora.
The broader effort comes as security teams face a growing burden from faster vulnerability discovery and the need to verify, triage and patch issues quickly. The article also cited government warnings that advanced AI can speed up cyber threats and shrink the time between discovery and exploitation.
WHY IT MATTERS
The push reflects a shift in software security from finding bugs to closing them faster, especially in open-source code that is widely reused. It also shows how AI tools are being positioned for defensive work as the window to fix vulnerabilities continues to narrow.