There have been detection problems in the area of cybersecurity all along. Alert generation overwhelms the security teams, vulnerability discovery occurs much faster than vulnerability fixing, and that is where attacks occur. The Daybreak project of OpenAI, which has been significantly expanded this week, is founded on the following basic premise: bug discovery has never been the issue. The problem is how to fix them.
Daybreak is an effort by OpenAI to leverage frontier artificial intelligence throughout the whole process of remediation – from alert generation through validation of alerts to patch generation and deployment. This is how each of the three major components works.
Also read: Sakana AI’s Fugu: This Japanese AI claims to match Anthropic’s Fable 5 and Mythos Preview
Daybreak makes use of Codex Security as its engine. Codex Security generates a threat model for that specific codebase, identifies realistic attack vectors, tests for vulnerabilities in controlled environments, and suggests remedies after human analysis. The crucial difference between it and the usual scanning software is the fact that it doesn’t provide an array of findings but focuses on the ones that can be exploited, giving engineers data instead of making assumptions. Companies interested in the Daybreak service provided by OpenAI can request a vulnerability scan of their codebase by Codex Security. The costs are unknown.
There are three levels of access available through Daybreak for the OpenAI models. There is Standard GPT-5.5 for general use. GPT-5.5 with Trusted Access for Cyber is the key model for verification in defensive tasks in authorized environments. GPT-5.5-Cyber is the least restrictive level of access, limited to verified entities, and is used for red team exercises, penetration tests, and vulnerability testing.
Also read: The Mac Mini is the best on-device AI computer you can buy: Here’s why
The newly released GPT-5.5-Cyber model has an accuracy rate of 85.6 percent on OpenAI’s internal CyberGym test, compared to 81.8 percent previously, and can perform deeper analyses in large repositories of code. This new model has already detected vulnerabilities in Firefox, V8, Safari, and HTTP/2 implementations.
The third is Patch the Planet, which is an effort co-launched with Trail of Bits through partnership with HackerOne that helps open source projects progress from findings to fixings. More than 30 projects are signed up for this program, such as cURL, Go, Python, Sigstore, and pyca/cryptography. This program is bringing researchers, maintainers, and enterprises together into a shared governance model with human oversight and auditing.
Lying beneath all of that is the Daybreak Cyber Partner Program, through which 28 security partners – ranging from Cisco to CrowdStrike, Cloudflare, Palo Alto Networks, Wiz, and SentinelOne – can tie GPT-5.5 into Trusted Access for Cyber within their own offerings. The end user gets the benefit without having to have direct access to the model.
As OpenAI is positioning Daybreak, it’s not about scanning using AI but partnering in the process of remediation. The question is whether it closes the validation gap.
Also read: Kunal Shah as WhatsApp chief: Why Meta and Zuckerberg picked CRED co-founder?