Tools · Jun 23, 2026

OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery

OpenAI expands Daybreak initiative with tools to accelerate patch deployment over vulnerability discovery.

Summary

OpenAI has enhanced its Daybreak cybersecurity initiative by focusing on patch deployment rather than just vulnerability discovery, citing the overwhelming volume of findings due to AI. They released an updated Codex Security plugin and GPT-5.5-Cyber model to streamline vulnerability remediation, including automated patching. The 'Patch the Planet' program collaborates with researchers and open-source projects to reduce maintainer burden.

Full text

OpenAI on Monday expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships, framing the effort around a problem it says has become more pressing than vulnerability discovery itself: getting patches deployed. The company argues that AI models have fundamentally changed the security landscape by accelerating the rate at which vulnerabilities are found to the point where defenders are now overwhelmed by the volume of findings.

To address the vulnerability remediation bottleneck, the company released an updated Codex Security plugin designed to further enhance security workflows. The tool integrates directly into Codex and can scan entire codebases, trace attack paths, construct threat models, validate findings, generate patches, and export results into existing vulnerability management pipelines via SARIF files and CodeQL queries.

Since a research preview launched in March, Codex Security has processed more than 30 million commits across over 30,000 repositories, with human reviewers confirming more than 70,000 fixes and an additional 500,000 findings resolved automatically.

Alongside the plugin update, OpenAI launched the full version of GPT-5.5-Cyber, following an earlier release that focused on reducing unnecessary refusals. The updated model is described as OpenAI’s most capable offering for authorized security work, able to sustain analysis across large codebases, assess whether vulnerable code is actually reachable, and carry work through to patch development and testing. Access remains limited to verified defenders.

On the CyberGym benchmark, which tests whether an agent can reproduce known vulnerabilities, the model scored 85.6%, compared to 81.8% for the standard GPT-5.5.

OpenAI also unveiled Patch the Planet, an initiative founded with Trail of Bits and developed in collaboration with HackerOne and Calif. The program deploys expert security researchers equipped with Codex Security and OpenAI models to work alongside maintainers of widely used open source projects. Researchers handle validation, deduplication, and patch development before anything reaches maintainers, to reduce the burden on teams that are often small and under-resourced. More than 30 projects have signed on, with early participants including cURL, Go, Python, Sigstore, and pyca/cryptography.

OpenAI also announced the Daybreak Cyber Partner Program, through which security vendors can integrate GPT-5.5 with Trusted Access for Cyber into their own products and services. Launch partners include many cybersecurity giants. The AI company plans to expand the program in the coming months and is also working directly with governments to help them boost their cyber defenses and protect critical infrastructure.

Written by Eduard Kovacs (@EduardKovacs), senior managing editor at SecurityWeek.

Entities

Codex Security (product), GPT-5.5-Cyber (product), ChatGPT (product), OpenAI (vendor), Trail of Bits (vendor), HackerOne (vendor)