OpenAI expanded Daybreak on June 22 with a clearer answer to a hard security problem: frontier models can find more vulnerabilities, but someone still has to validate, prioritize, patch, test, and disclose them.
The update has three parts. OpenAI is updating Codex Security for defensive workflows, releasing GPT-5.5-Cyber through a limited trusted-defender program, and launching Patch the Planet with Trail of Bits, HackerOne, Calif, researchers, and open-source maintainers.
That makes this more than another benchmark post. OpenAI is trying to move the security story from “AI found a bug” to “AI helped a trusted team land a fix.”
The bottleneck is patching
OpenAI says Codex Security has scanned more than 30,000 codebases and more than 30 million commits. Human reviewers have marked more than 70,000 findings as fixed, and more than 500,000 findings have been automatically determined to be fixed.
Those numbers matter because they point at the operating problem. If AI makes vulnerability discovery cheaper, alert volume rises. A maintainer or security team does not need an infinite inbox of possible issues. It needs evidence, severity, reachability, a patch, a test, and a disclosure path.
OpenAI’s Daybreak framing is that patching becomes the scarce resource. Codex Security is meant to run codebase scans, review recent changes, trace attack paths, build threat models, validate findings, and generate patches for review. OpenAI is careful to say humans stay in control of which findings to investigate and which changes to apply.
That caveat is not decoration. It is the whole difference between useful defensive automation and more noise.
GPT-5.5-Cyber is for trusted defenders
OpenAI is also updating GPT-5.5-Cyber, a more permissive model for authorized cybersecurity work. The company says the model reached 85.6% on CyberGym, compared with 81.8% for GPT-5.5. It also reports 39.5% versus 25.95% on ExploitGym and 69.8% versus 63.1% on SEC-bench Pro.
Those are OpenAI’s benchmark claims, not independent proof that every defender should get the model. OpenAI says GPT-5.5-Cyber is intended for verified defenders whose work needs advanced cyber capabilities and more permissive behavior, paired with monitoring, scoped controls, and review.
That access model is the important policy signal. The same capability that helps defenders validate vulnerable code can also lower the cost of abuse if released broadly. OpenAI is trying to keep the more powerful workflow inside trusted access while putting the everyday defensive loop into Codex Security and partner products.
Patch the Planet targets shared infrastructure
Patch the Planet is the most concrete part of the announcement. OpenAI says the initiative starts with projects including cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org.
Trail of Bits has committed its security research organization to the initial surge. Security engineers review findings before they reach maintainers, help develop patches and tests, and coordinate disclosure through project channels. Participating projects receive ChatGPT Pro, conditional Codex Security access, and API credits for development and release workflows.
The early field notes are striking, but they should be read as evidence from a program that has only just started. Trail of Bits engineers used Codex and GPT-5.5-Cyber across 19 open-source projects, identified hundreds of issues, merged dozens of patches, and built fuzzing, variant-analysis, differential-testing, and specification-based testing workflows.
OpenAI also gives examples from Daybreak work across the Linux kernel, OpenBSD, FreeBSD, dnsmasq, HTTP/2 implementations, Chrome V8, Safari WebKit, and Firefox. Some project details are withheld while disclosure is underway.
The useful metric is fixes, not findings
For open-source maintainers, the risk is obvious. AI-assisted security research can become another source of reports that small teams must triage without more time, money, or help. Patch the Planet is designed to reduce that burden by putting expert review between model output and maintainer attention.
That is the standard this kind of program should be judged against. Did it land patches maintainers accepted? Did it improve tests and CI? Did it reduce duplicate or low-quality reports? Did it leave reusable workflows that projects can keep using?
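As an added illustration of the triage standard the article describes (not code from OpenAI, Trail of Bits or any participating project), here is a constructed Python gate that holds back duplicate and under-evidenced findings before they reach a maintainer and scores the program by accepted fixes rather than raw findings; the field names and sample findings are hypothetical.

```python
# Constructed triage gate for AI-generated findings (hypothetical data shapes,
# not Codex Security or Patch the Planet code): a maintainer sees a finding
# only with evidence, severity, reachability, patch, test and disclosure path.
from collections import Counter

REQUIRED = ("evidence", "severity", "reachable", "patch", "test", "disclosure")

def fingerprint(f):
    # Same file, sink and weakness class is the same bug regardless of how the
    # model worded it; used to collapse duplicate reports before routing.
    return (f["file"], f["sink"], f["weakness"])

def ready_for_maintainer(f):
    # All required fields non-empty, and the test fails before the patch and
    # passes after it; anything weaker stays with the human reviewer.
    t = f.get("test") or {}
    return bool(all(f.get(k) for k in REQUIRED)
                and t.get("fails_before") and t.get("passes_after"))

def triage(findings):
    # Returns findings routed to maintainers and counts of why others were held.
    seen, routed, held = set(), [], Counter()
    for f in findings:
        fp = fingerprint(f)
        if fp in seen:
            held["duplicate"] += 1
        elif not ready_for_maintainer(f):
            held["incomplete"] += 1
        else:
            routed.append(f)
        seen.add(fp)
    return routed, held

def fix_rate(routed, accepted_ids):
    # The metric the page argues for: fixes accepted over findings routed.
    accepted = sum(1 for f in routed if f["id"] in accepted_ids)
    return round(accepted / len(routed), 2) if routed else 0.0

OK = {"fails_before": True, "passes_after": True}
SAMPLE = [  # constructed; no real project, file or vulnerability
    {"id": "F1", "file": "lib/parse.c", "sink": "memcpy", "weakness": "oob-write",
     "evidence": "crashing input", "severity": "high", "reachable": "parse_header()",
     "patch": "bounds check", "test": OK, "disclosure": "security list"},
    {"id": "F2", "file": "lib/parse.c", "sink": "memcpy", "weakness": "oob-write",
     "evidence": "model reasoning", "severity": "high", "reachable": "", "patch": "",
     "test": {}, "disclosure": ""},  # same bug as F1, reported again
    {"id": "F3", "file": "net/conn.go", "sink": "ReadFull", "weakness": "dos",
     "evidence": "pattern match", "severity": "medium", "reachable": "",  # unproven
     "patch": "length cap", "test": OK, "disclosure": "advisory"},
]
```

Running `triage(SAMPLE)` routes only F1, holds F2 as a duplicate and F3 as incomplete (no reachability evidence), and `fix_rate` then reports what maintainers actually accepted.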
The next checkpoint is disclosure quality. OpenAI says deeper technical reports will come as fixes land and coordinated disclosures conclude. Those reports will show whether Daybreak is producing durable security engineering or just a larger vulnerability-discovery surface.