News and Analysis

OpenAI has expanded its Daybreak cybersecurity initiative to cover fixing vulnerabilities, not just identifying them.The AI developer has introduced a series of new tools, and signed up a host of partners to lead the scheme, including Accenture, Check Point, Cisco, CrowdStrike, IBM, and more. “Vulnerability reports, on their own, do not protect anyone. The value comes from validating the issue, understanding its impact, developing and testing a patch, coordinating disclosure, and helping teams deploy the fix,” said the firm. “We are investing alongside our partners to improve these latter steps, in order to turbocharge defenders and convert model capability into real-world risk reduction.”OpenAI said it has tweaked models to discover and generate patches for critical vulnerabilities⁠ in major browsers, network infrastructure, and operating systems such as FreeBSD and the Linux kernel. To scale the effectiveness of these capabilities, it’s launching an update to the Codex Security plugin⁠. This aims to speed up the process of discovering and patching vulnerabilities in existing systems, as well as automatically preventing new vulnerabilities from ever reaching production.OpenAI touts GPT-5.5-Cyber capabilitiesNotably – and following an initial permissive-only preview – OpenAI confirmed plans to launch the full version of GPT‑5.5‑Cyber through a continued limited release.The company is also working with researchers, maintainers, enterprises, and partners for its Patch the Planet⁠ initiative, founded with Trail of Bits to help widely used open source projects move from findings to fixes. More than 30 open source projects have committed to participate so far, including:cURLGoPythonSigstorepyca/cryptographyOpenAI leans on partnersElsewhere, the new OpenAI Daybreak Cyber Partner Program ⁠allows participating organizations to use GPT‑5.5 with Trusted Access for Cyber in the security products and services they provide. This, the firm said, allows their customers to get the benefits of the model’s defensive capabilities and make their software more resilient, but still keeps direct model access in the hands of participating partners. “Organizations are looking for practical ways to apply AI to strengthen cyber defence while maintaining strong governance and safety controls,” said Ryan Kalember, chief strategy officer at Proofpoint.“By incorporating GPT-5.5 through the OpenAI Cyber Partner Program into Proofpoint’s products, services, and AI-powered security workflows, we can help security teams improve threat investigation, decision-making, and efficiency as they protect their people, data, and AI agents.”Government engagementOpenAI said it’s also been working with government bodies in Australia, Canada, France, Germany, Japan, the Republic of Korea and the EU, on cyber testing, evaluation, and standards. “We also have a growing and trusted partnership with the UK government around cyber testing and evaluation, and other areas of mutual interest,” said the firm.”We plan to work directly with eligible operators of critical infrastructure, including government networks, to develop safeguards tailored to the systems they operate.”FOLLOW US ON SOCIAL MEDIA