OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
Security WeekArchived Jun 23, 2026✓ Full text saved
OpenAI has expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships. The post OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
OpenAI on Monday expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships, framing the effort around a problem it says has become more pressing than vulnerability discovery itself: getting patches deployed.
The company argues that AI models have fundamentally changed the security landscape by accelerating the rate at which vulnerabilities are found to the point where defenders are now overwhelmed by the volume of findings.
To address the vulnerability remediation bottleneck, the company released an updated Codex Security plugin designed to further enhance security workflows. The tool integrates directly into Codex and can scan entire codebases, trace attack paths, construct threat models, validate findings, generate patches, and export results into existing vulnerability management pipelines via SARIF files and CodeQL queries.
[ Read: AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask ]
Since a research preview launched in March, Codex Security has processed more than 30 million commits across over 30,000 repositories, with human reviewers confirming more than 70,000 fixes and an additional 500,000 findings resolved automatically.
Alongside the plugin update, OpenAI launched the full version of GPT-5.5-Cyber, following an earlier release that focused on reducing unnecessary refusals. The updated model is described as OpenAI’s most capable offering for authorized security work, able to sustain analysis across large codebases, assess whether vulnerable code is actually reachable, and carry work through to patch development and testing. Access remains limited to verified defenders.
On the CyberGym benchmark, which tests whether an agent can reproduce known vulnerabilities, the model scored 85.6%, compared to 81.8% for the standard GPT-5.5.
OpenAI also unveiled Patch the Planet, an initiative founded with Trail of Bits and developed in collaboration with HackerOne and Calif. The program deploys expert security researchers equipped with Codex Security and OpenAI models to work alongside maintainers of widely used open source projects.
Researchers handle validation, deduplication, and patch development before anything reaches maintainers, to reduce the burden on teams that are often small and under-resourced. More than 30 projects have signed on, with early participants including cURL, Go, Python, Sigstore, and pyca/cryptography.
OpenAI also announced the Daybreak Cyber Partner Program, through which security vendors can integrate GPT-5.5 with Trusted Access for Cyber into their own products and services. Launch partners include many cybersecurity giants.
The AI company plans to expand the program in the coming months and is also working directly with governments to help them boost their cyber defenses and protect critical infrastructure.
Related: OpenAI Rolling Out ChatGPT Account Security Controls
Related: 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
Related: OpenAI Hit by TanStack Supply Chain Attack
Related: OpenAI Rolls Out Advanced Security for ChatGPT Accounts
WRITTEN BY
Eduard Kovacs
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push
Rokarolla Banking Trojan Targets 200 Applications
SailPoint to Acquire Entro in Reported $200 Million Deal
Kodak Admits Data Breach After ShinyHunters Hack Claims
Latest News
Algerian Man Extradited to US for Running Cybercrime Marketplaces
FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
Russian Initial Access Broker Behind FortiBleed Campaign
Canadian Electricity Provider London Hydro Discloses Data Breach
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
Xsolis Data Breach Affects 1.4 Million Individuals
Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Trending
Webinar: How Modern Breaches Bypass MFA And Evade Detection
June 17, 2026
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
Register
Webinar: Modern Exposure Validation In The AI Era
June 24, 2026
AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
Register
People on the Move
SolarWinds has appointed Justin Henkel as Chief Information Security Officer.
J. Paul Haynes has joined Cinchy as Chief Executive Officer.
Hatem Naguib has become Chief Executive Officer at Sysdig.
More People On The Move
Expert Insights
What The Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George)
No Exploits Required
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley)
After AI Reaches Production: 12 Ways Security Teams Can Take Control
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb)
Everybody Is Vibe Coding But Nobody Told The Security Team
AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au)
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Flipboard
Reddit
Whatsapp
Email