OpenAI has significantly expanded Daybreak, its cybersecurity initiative, with the full release of GPT-5.5-Cyber, an upgraded Codex Security tool, a partner program spanning more than two dozen security firms, and a new open-source remediation effort called Patch the Planet. The June 22, 2026 announcement marks a shift in AI security from raw vulnerability discovery toward validated, automated fixes.
GPT-5.5-Cyber leads on defensive benchmarks
OpenAI describes GPT-5.5-Cyber as its strongest model yet for finding and helping patch software vulnerabilities. The model posts state-of-the-art results across three major evaluations: 85.6% on CyberGym, 39.5% on ExploitGym and 69.8% on SEC-bench Pro, each ahead of the general-purpose GPT-5.5. It is positioned as a more capable and more permissive model for authorized, defensive security work.
Codex Security and a 28-partner program
Codex Security now embeds security workflows directly inside Codex, including codebase scans, threat modeling, attack-path analysis, validation evidence, remediation guidance and code-specific patch generation. Through the new Daybreak Cyber Partner Program, OpenAI will make selected defensive capabilities available via products and services from more than 20 security businesses, extending the reach of its models into commercial security operations. The push builds on OpenAI's recent general availability of GPT-5.5 and Codex and its enterprise Codex expansion.
Patch the Planet targets open source
Patch the Planet, founded with Trail of Bits and in collaboration with HackerOne and a community of researchers and maintainers, aims to help widely used open-source projects move from findings to verified fixes. The effort reflects a broader industry trend toward AI-native, agentic security tooling, seen in funding rounds such as Twenty's offensive-security raise and Dream's sovereign AI cyber-defense round. By pairing a specialized model with remediation workflows and open-source maintainers, OpenAI is betting that the next phase of AI security is measured not in bugs found, but in fixes shipped.
Reporting based on coverage from OpenAI, The Hacker News and Cyber Security News.
