[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCRwW5SmLLsum24zfk4KDUamBxFzmDEn0IBSNGIvrMGU":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"1cee89ac-d0ad-4998-b8df-2d73d2299318","OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws","openai-expands-daybreak-with-gpt-5-5-cyber-to-help-defenders-patch-security-flaw-92b8c5","OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its \"strongest model yet for finding and helping patch software vulnerabilities,\" OpenAI said the model can \"sustain deeper analysis across large codebases\" to identify","OpenAI has launched an improved GPT-5.5-Cyber model and updated its Codex Security plugin to assist defenders in identifying and patching software vulnerabilities. The initiative, part of the Daybreak program, aims to help developers analyze large codebases, validate findings, and generate patches. OpenAI is also partnering with Trail of Bits on the \"Patch the Planet\" initiative to secure open-source projects, addressing the growing challenge of vulnerability patching as AI accelerates discovery.","OpenAI releases GPT-5.5-Cyber and Codex Security plugin to help defenders find and patch software vulnerabilities.","OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws Ravie LakshmananJun 23, 2026Artificial Intelligence \u002F Codex Security OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its \"strongest model yet for finding and helping patch software vulnerabilities,\" OpenAI said the model can \"sustain deeper analysis across large codebases\" to identify security issues, validate them in a controlled environment, and develop and test patches. In tandem, the tech upstart is releasing an update to the Codex Security plugin⁠ to speed up the process of discovering and patching vulnerabilities in existing systems, alongside preventing new vulnerabilities from entering production codebases. \"Developers can run deep scans or review recent changes, generate reports with severity, affected code locations, validation evidence, and remediation guidance, trace attack paths, build threat models, validate findings, and generate codebase-specific patches for review,\" OpenAI said. On top of that, the plugin⁠ can triage and validate existing findings from scanners, advisories, bug-bounty reports, or ticketing systems, and then facilitate patch generation at scale to quickly close a backlog of vulnerabilities. OpenAI is also launching a new initiative called Patch the Planet in partnership with Trail of Bits to help secure open-source projects. Initial participants include cURL, NATS Server, pyca\u002Fcryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org. These moves come as frontier models from Anthropic and OpenAI are accelerating vulnerability discovery, leaving software maintainers overwhelmed with an ever-increasing volume of bugs that need to be verified, triaged, and patched. While previously the challenge lay in finding vulnerabilities, the bottleneck has now shifted to patching them. AI models come with capabilities to navigate large codebases, reason through attack paths, and flag security issues that might have otherwise stayed hidden. Case in point is a 29-year-old flaw in the Squid web proxy (CVE-2026-47729, aka Squidbleed) that can leak cleartext HTTP requests belonging to other users under certain conditions. Cyber experts have also raised concerns that more advanced AI models are turbocharging bad actors' abilities to take advantage of security vulnerabilities, forcing the industry to plug the holes almost as soon as they are discovered. \"Threat actors with limited technical expertise can use publicly available AI models for malicious purposes,\" the Canadian Centre for Cyber Security said in guidance released in May 2026. \"Organizations should assume that AI-driven exploitation may bypass preventative controls, significantly outpace vendors' capacity to publish corrective measures and challenge the organization's ability to deploy.\" Patch the Planet aims to reduce this undue burden placed on maintainers by letting security engineers review and validate findings, work with projects to develop patches and tests, and help build reusable vulnerability discovery workflows with the goal of improving security even after the initial fixes are released. \"With Patch the Planet, we are working with researchers, maintainers, enterprises, and partners to make powerful cyber capability available to defenders with appropriate access, governance, and human oversight,\" OpenAI said. The AI company also said the Daybreak initiative has already helped surface a number of vulnerabilities across various operating systems and web browsers - 8 kernel pointer information leak proofs-of-concept (PoCs) and 24 local privilege escalation exploits in the Linux Kernel A 23-year-old use-after-free⁠ in OpenBSD's kernel implementation of System V semaphores 34 vulnerabilities and 7 local privilege escalation PoCs in FreeBSD 6 vulnerabilities in dnsmasq (CVE-2026-4890⁠, CVE-2026-4891⁠, CVE-2026-4892⁠, and CVE-2026-5172⁠) A denial-of-service (DoS) technique called HTTP\u002F2 Bomb impacting major HTTP\u002F2 implementations, including NGINX, Apache, IIS, and Pingora 5 exploitable vulnerabilities in Google Chrome's V8 JavaScript engine 10 exploitable Apple Safari vulnerabilities A WebAssembly vulnerability (CVE-2026-8390⁠) in Mozilla Firefox \"Patch the Planet is designed to put that full defensive loop in service of maintainers: discovery, validation, severity review, disclosure, patch development, testing, and deployment,\" OpenAI said. \"Frontier models can make parts of that loop faster, but the aim is to give the people responsible for shared infrastructure better tools and more capacity, while preserving their agency over how changes land.\" The developments go hand in hand with bad actors misusing AI to compress the time between finding and exploiting a weakness, shrinking the window defenders have to respond. The use of vibe-coded exploits also heralds a new chapter where the technology is not only lowering the barrier to exploit development, but also enabling attackers to cast a wide net across newly disclosed vulnerabilities with lesser effort. Intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. have warned that advanced AI models can expedite the speed, scale, and sophistication of cyber threats, while lowering the barrier for malicious actors and shrinking the window between vulnerability discovery and exploitation ever more quickly. \"Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months, the agencies noted. \"In this environment, cyber resilience is integral to advancing business continuity, market confidence, and long-term value.\" \"Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy. Those that do not will face growing operational and strategic disadvantage.\" Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  artificial intelligence, Codex Security, GPT-5.5-Cyber, Open Source, OpenAI, Patch Management, Vulnerability Management ⚡ Top Stories This Week Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More ⭐ Featured Resources Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale [Watch Demo] See Which Security Gaps Attackers Could Exploit First AI Can’t Stop Every Attack. Learn How Zero Trust Can Block What’s Unknown Have You Outgrown Your MDR? 7 Warning Signs Every CISO Should Check","https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fopenai-expands-daybreak-with-gpt-55.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEh5t7SN4kPSfgifNku4Z0eWG5x1Dd8CIb99OAHuktz4ZGAeIrwDEnLwD9DUkRj8nStBQjzxOgWO2hfsGYI07Yp8gQGtXiSBIqlQXtzDTc3bkveScQ2gd-WbUmBA0L1xVDXhbrukUIuWdLaMPyiDZO-5-tWlq-kwFdImdd-h7YVkO7oGDN08bv25RJ2TRDt8\u002Fs1600\u002Fopne.jpg","2026-06-23T03:56:58+00:00","2026-06-23T06:00:12.485697+00:00",8,[18,21,24,26,28,30],{"name":19,"type":20},"GPT-5.5-Cyber","product",{"name":22,"type":23},"OpenAI","vendor",{"name":25,"type":20},"Codex Security plugin",{"name":27,"type":20},"cURL",{"name":29,"type":20},"NATS Server",{"name":31,"type":20},"pyca\u002Fcryptography","839da5c1-3c34-47e2-9499-f7201640e3ac",{"id":32,"icon":34,"name":35,"slug":36},null,"AI Security","ai-security",[38,43,48,50],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":49},{"id":32,"icon":34,"name":35,"slug":36},{"category":51},{"id":52,"icon":34,"name":53,"slug":54},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",[56],{"type":57,"value":58,"context":59},"cve","CVE-2026-47729","Squid web proxy vulnerability"]