OpenAI is advancing Daybreak beyond vulnerability discovery into patch automation, launching an updated Codex Security plugin, the full GPT-5.5-Cyber model in limited release, a Daybreak Cyber Partner Program, and Patch the Planet, an open-source security initiative built with Trail of Bits, HackerOne, Calif, researchers, and project maintainers.
The core shift is from finding bugs to landing fixes. Codex Security is integrated into Codex workflows and can scan an entire codebase, a selected folder, or a specific change. It can review recent commits, produce reports with severity, affected code locations, validation evidence, and remediation guidance, trace attack paths, build threat models, validate findings, generate patches, and export results into vulnerability management systems through formats such as SARIF and CodeQL queries. Since its research preview in March, OpenAI reports that Codex Security scanned more than 30 million commits across over 30,000 codebases, with human reviewers marking more than 70,000 findings as fixed and over 500,000 findings automatically detected as fixed.
GPT-5.5-Cyber is the more controlled but more capable part of this release. OpenAI states that the model is intended for verified defenders working on authorized cybersecurity tasks, not general access. It is designed for deeper codebase analysis, reachability checks, vulnerability validation, patch development, testing, and evidence preparation. On CyberGym, GPT-5.5-Cyber reached 85.6 percent compared with 81.8 percent for GPT-5.5. It also scored 39.5 percent on ExploitGym versus 25.95 percent for GPT-5.5, and 69.8 percent on SEC-bench Pro versus 63.1 percent.
Patch the Planet brings this capability into open-source software. More than 30 projects have committed to participate, with initial names including cURL, Go, Python, Sigstore, pyca/cryptography, NATS Server, aiohttp, freenginx, and Python.org. Participating projects receive ChatGPT Pro, conditional access to Codex Security, and API credits for maintainer automation and release workflows. Trail of Bits engineers are working directly with maintainers to validate issues, remove duplicates, reassess severity, write patches, support tests, and coordinate disclosure before maintainers see the final work.
OpenAI is also promoting Daybreak through a partner model rather than direct broad model access. The aim is to embed GPT-5.5 with Trusted Access for Cyber into existing security products and services, while keeping access governed through partner systems.
The company is positioning Daybreak as a defensive cyber stack for the AI era: frontier models, Codex workflows, controlled access, expert review, and security ecosystem integrations. The release is significant because OpenAI is no longer presenting AI cybersecurity only as a model capability or evaluation result. It is transforming it into an operational pipeline for scanning, validating, fixing, and reviewing software vulnerabilities across enterprise, government, and open-source environments.