{"slug": "openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too", "title": "OpenAI: Yoo-hoo, look over here, we do that security stuff too!", "summary": "OpenAI released an improved GPT-5.5-Cyber model for vulnerability discovery and patching, expanded its cybersecurity partner program, and launched a Patch the Planet initiative to secure 30 open source projects. The moves aim to bolster AI-driven security amid growing concerns over AI-powered cyberattacks and regulatory scrutiny of rival Anthropic.", "body_md": "OpenAI announced a flurry of cybersecurity-related AI news on Monday, releasing an improved version of GPT‑5.5‑Cyber, its most advanced vulnerability-finding model, along with an expanded partner program for cybersecurity vendors, an update to its Codex Security scanner, and an initiative to “Patch the Planet” – or at least 30 high-profile open source projects.\n\nThe announcements come as Anthropic’s [Mythos mess keeps getting more complicated](https://www.theregister.com/ai-and-ml/2026/06/22/anthropics-mythos-mess-just-keeps-getting-more-complicated/5258577), with [national security concerns](https://www.theregister.com/security/2026/06/15/feds-freaked-over-fable-5-after-simple-fix-this-code-prompt-not-jailbreak-says-researcher/5255827) clouding [defenders’ abilities to use](https://www.theregister.com/ai-and-ml/2026/06/15/us-clampdown-on-anthropic-models-sends-eu-sovereignty-surge-into-overdrive/5255487) that AI company’s [most advanced models](https://www.theregister.com/ai-and-ml/2026/06/09/anthropic-spins-a-fable-of-a-tamer-safer-mythos/5253106) to find and fix vulnerabilities – or perhaps it’s just politics as usual.\n\nThey also coincide with a general feeling of FUD around [AI cyberattacks](https://www.theregister.com/cyber-crime/2026/05/22/jailbroken-gemini-helped-russian-speaking-fraudster-target-maga-crypto-users/5245390) and the [impending 
vulnpocalypse](https://www.theregister.com/patches/2026/05/14/welcome-to-the-vulnpocalypse-as-vendors-use-ai-to-find-bugs-and-patches-multiply-like-rabbits/5240027). *The Reg’s* vultures will keep our collective eyes on all of this.\n\nFirst off: GPT‑5.5‑Cyber. After releasing a preview version of the model to a [select group of “trusted defenders,”](https://www.theregister.com/security/2026/05/01/openai-locks-gpt-55-cyber-behind-velvet-rope/5219691) OpenAI on Monday released an update that it says makes the model even better at finding – and also fixing – bugs in code.\n\n“It is our strongest model yet for finding and helping patch software vulnerabilities, while retaining GPT‑5.5’s general-purpose intelligence and ability to work across long, complex tasks,” the AI shop [said](https://openai.com/index/daybreak-securing-the-world/). “The model can sustain deeper analysis across large codebases: identifying security-relevant components, tracing whether vulnerable code is reachable, validating likely issues in controlled environments, developing and testing patches, and preparing evidence for human review.”\n\nOpenAI said it evaluated the update and 5.5 preview using a few different benchmarks: CyberGym, which tests how well AI systems can reproduce known vulnerabilities; ExploitGym, which determines how well models can turn known vulnerabilities into working exploits that achieve unauthorized code execution; and SEC-bench Pro, which measures AI systems’ long-horizon vulnerability discovery and proof-of-concept generation capabilities.\n\nThe updated version 5.5 outperformed the preview model in all three tests, we’re told.\n\nOn CyberGym, the updated GPT‑5.5‑Cyber reached 85.6 percent success, compared with 81.8 percent for GPT‑5.5. On ExploitGym, it outperformed the earlier model 39.5 percent versus 25.95 percent. 
And on SEC-bench Pro, GPT‑5.5‑Cyber hit 69.8 percent, compared with 63.1 percent for GPT‑5.5.\n\nPlus, OpenAI assures everyone that it’s had “ongoing dialogue” with the US government, including about its latest model plus upcoming releases, so hopefully that insulates the company against any surprise export controls.\n\nOpenAI also expanded its partner program. The [OpenAI Daybreak Cyber Partner Program](https://openai.com/daybreak/partners/) currently has about 30 security-vendor and service-provider partners, and only these select firms get to use the updated GPT‑5.5‑Cyber model. OpenAI says it plans to add more organizations to the elite group “in the coming months.”\n\n**FOSS flaw-finding**\n\nAlso on Monday, OpenAI announced [Patch the Planet](https://trailofbits.com/patch-the-planet), an initiative to help open source project maintainers find and patch vulnerabilities. This initiative, co-founded with Trail of Bits and launched in collaboration with HackerOne and AI-powered bug hunting outfit Calif, provides participating open source projects with ChatGPT Pro, conditional access to its Codex Security scanner, and API credits for core development, maintainer automation, and release workflows.\n\n“Maintainers define their priorities, preferences, and established disclosure processes,” according to OpenAI. 
“Patch the Planet security researchers then manage the work end to end - validating and deduplicating both vulnerabilities and patches before they reach maintainers, significantly reducing the burden on maintainers and speeding up remediation.”\n\nTrail of Bits [reports](https://gist.github.com/patch-the-planet/69fd1aa925c8e73edea9e6e967043cbb) that in the first week alone, Patch the Planet [uncovered hundreds of bugs](https://blog.trailofbits.com/2026/06/22/introducing-patch-the-planet/), and generated 64 pull requests with 51 issues filed across 19 projects.\n\nThe 19 projects Patch the Planet assists include cURL, NATS, pyca, Sigstore, aiohttp, the Go project, freenginx, Python and python.org, urllib3, PyPI, SimpleX, Valkey, and RustCrypto.\n\nMore than 30 projects have joined so far, and project maintainers can [apply to join](https://trailofbits.com/patch-the-planet) the initiative.\n\nSome of the initiative’s highlights from the week include using GPT-5.5-Cyber to build a full-scale fuzzing lab in under a day – an effort we’re told would have taken human fuzzing experts two or three weeks to do manually.\n\nPatch the Planet also used Codex to build a CVE variant analysis pipeline. This also took less than a day to complete.\n\nSpeaking of Codex: OpenAI on Monday released a [Codex Security plugin](https://openai.com/daybreak/codex-security-plugin/) that the company says “enables out-of-the-box defensive security workflows,” allowing developers to integrate Codex into their workflows and CI/CD pipelines.\n\nThe scanner, which was released as a research preview in March, has so far scanned more than 30 million commits across more than 30,000 codebases, according to OpenAI. 
Of these, human reviewers have manually marked about 70,000 findings as fixed, and AIs have auto-determined that more than 500,000 findings are fixed.\n\nIn addition to performing automated scans and reviewing code changes, the new plugin can “triage and validate existing findings from scanners, advisories, bug-bounty reports, or ticketing systems, then automate patch generation at scale to quickly close a backlog of vulnerabilities,” OpenAI said.\n\nAfter it completes a scan, the AI coding agent can export reports to existing vulnerability management systems or integrate into tools with SARIF files and CodeQL queries. “The plugin makes these capabilities much more accessible to support automated pipelines with Codex CLI or integrate into developer workflows in the Codex app,” according to OpenAI. ®", "url": "https://wpnews.pro/news/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too", "canonical_source": "https://www.theregister.com/security/2026/06/23/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too/5259842", "published_at": "2026-06-22 23:34:34+00:00", "updated_at": "2026-06-24 00:07:36.901226+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety", "ai-policy", "ai-products", "ai-tools"], "entities": ["OpenAI", "GPT-5.5-Cyber", "Anthropic", "Codex Security", "CyberGym", "ExploitGym", "SEC-bench Pro", "Daybreak Cyber Partner Program"], "alternates": {"html": "https://wpnews.pro/news/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too", "markdown": "https://wpnews.pro/news/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too.md", "text": "https://wpnews.pro/news/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too.txt", "jsonld": "https://wpnews.pro/news/openai-yoo-hoo-look-over-here-we-do-that-security-stuff-too.jsonld"}}