OpenAI has expanded its Daybreak cybersecurity initiative with a new version of GPT 5.5 Cyber and an updated Codex Security plugin designed to help developers find, validate and patch software vulnerabilities.

The company said artificial intelligence has accelerated the discovery of security flaws, shifting the industry’s main bottleneck from finding vulnerabilities to fixing them before attackers can exploit them.

GPT 5.5 Cyber is OpenAI’s most capable model for advanced authorized cybersecurity work. The model can analyze large codebases, trace potential attack paths, validate vulnerabilities in controlled environments and develop and test patches for human review.

The model scored 85.6% on CyberGym, compared with 81.8% for the standard GPT 5.5 model. CyberGym measures whether an AI agent can reproduce known vulnerabilities in software environments.

GPT 5.5 Cyber also scored 39.5% on ExploitGym, compared with 25.95% for GPT 5.5, and reached 69.8% on SEC Bench Pro, compared with 63.1% for the standard model.

Access to the model will remain limited to verified defenders whose authorized work requires more advanced and permissive cybersecurity capabilities. OpenAI said the release will include stronger verification, monitoring and account controls.

The company also updated the Codex Security plugin to support automated defensive workflows inside developer codebases.

Codex Security can build a threat model, identify vulnerabilities, determine whether affected code is reachable, collect evidence, generate targeted patches and verify whether the changes resolve the issue.

Developers can use the plugin to scan entire codebases, individual sections or specific changes and commits. It can also review findings from vulnerability scanners, bug bounty reports and security advisories before generating patches for review.

Since entering research preview in March, Codex Security has scanned more than 30 million commits across over 30,000 codebases. Human reviewers have marked more than 70,000 findings as fixed, while the system has automatically determined that more than 500,000 findings were resolved.

OpenAI also launched the Daybreak Cyber Partner Program, allowing cybersecurity companies and service providers to integrate GPT 5.5 with Trusted Access for Cyber into products used by their customers.

Initial partners include Cisco, Cloudflare, CrowdStrike, Palo Alto Networks, Check Point, Fortinet, IBM, Okta, SentinelOne and Wiz.

The company also introduced Patch the Planet, an open source security initiative founded with Trail of Bits and developed alongside HackerOne, Calif and software maintainers.

More than 30 open source projects have committed to participate, including cURL, Go, Python, Sigstore and pyca cryptography.

The program will provide maintainers with security researchers, Codex Security access, ChatGPT Pro and API credits to help validate reports, develop patches and reduce vulnerability backlogs.

OpenAI said the goal is to prevent maintainers from becoming overwhelmed by large volumes of low quality findings as AI systems become more capable of identifying security flaws.

Human researchers will review and validate vulnerabilities and patches before sending them to maintainers, while participating projects will retain control over their priorities and disclosure processes.