OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
Summary
OpenAI expanded its Daybreak cybersecurity initiative to focus on fixing vulnerabilities faster rather than just finding them, arguing that AI models have made vulnerability discovery so fast that security teams are overwhelmed by the volume of findings. The company released an updated Codex Security plugin (a tool that scans code and generates patches) and GPT-5.5-Cyber (a specialized AI model for security work), along with Patch the Planet, a program that deploys security experts to help open source projects validate and fix vulnerabilities.
Solution / Mitigation
OpenAI released an updated Codex Security plugin that 'can scan entire codebases, trace attack paths, construct threat models, validate findings, generate patches, and export results into existing vulnerability management pipelines via SARIF files and CodeQL queries.' The company also launched GPT-5.5-Cyber, described as capable of 'sustain[ing] analysis across large codebases, assess[ing] whether vulnerable code is actually reachable, and carry[ing] work through to patch development and testing.' Additionally, Patch the Planet deploys expert security researchers to work with open source project maintainers to handle 'validation, deduplication, and patch development.'
Original source: https://www.securityweek.com/openai-refocuses-cybersecurity-efforts-on-patching-over-discovery/
First tracked: June 23, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%