OpenAI Releases GPT‑5.5‑Cyber With Full Automation for Vulnerability Detection and Patching

OpenAI has officially launched the full version of GPT‑5.5‑Cyber, a specialized AI model engineered for advanced vulnerability detection, patch generation, and automated remediation at machine speed.

The release is part of OpenAI’s broader Daybreak initiative, which aims to democratize defensive cybersecurity capabilities for trusted organizations worldwide.

GPT‑5.5‑Cyber delivers state-of-the-art results across three major cybersecurity evaluation benchmarks:

• CyberGym: 85.6% (vs. 81.8% for GPT‑5.5), the highest single-model score recorded.
• ExploitGym: 39.5% (vs. 25.95% for GPT‑5.5), testing exploit generation from known vulnerabilities.
• SEC-bench Pro: 69.8% (vs. 63.1% for GPT‑5.5), evaluating long-horizon vulnerability discovery across complex software targets.

The model can navigate large codebases, trace attack paths, validate exploitability, generate targeted patches, and produce remediation evidence all within a single automated workflow.

Codex Security Plugin Updated

Alongside the model release, OpenAI has updated the Codex Security plugin, now capable of deep codebase scanning with automated patch generation. Since launching in research preview in March 2026, Codex Security has:

• Scanned over 30 million commits across more than 30,000 codebases
• Processed over 70,000 manually verified fixes
• Automatically resolved over 500,000 findings

The plugin integrates directly into developer workflows, supporting SARIF exports, CodeQL queries, and existing vulnerability management pipelines. It generates severity-rated reports with affected code locations, attack path tracing, and codebase-specific patches for human review.

OpenAI launched Patch the Planet, a collaborative initiative co-founded with Trail of Bits and partnered with HackerOne and Calif, to address the critical vulnerability remediation gap in open-source software. More than 30 open-source projects have committed to participate, including:

• cURL, Go, Python, Sigstore, and pyca/cryptography

An initial five-day sprint across multiple projects surfaced hundreds of issues, merged dozens of patches, and built reusable fuzzing and variant-analysis workflows. Participating projects receive ChatGPT Pro, conditional Codex Security access, and API credits.

GPT‑5.5‑Cyber is distributed exclusively through a limited release to verified, trusted defenders. It is not available for general use. OpenAI has confirmed Trusted Access for Cyber partnerships with Australia, Canada, France, Germany, Japan, South Korea, and EU institutions, including ENISA.

OpenAI coordinated pre-deployment testing with the Center for AI Standards and Innovation (CAISI) and worked with the Office of the National Cyber Director (ONCD) on the implementation of the June 2026 Executive Order on AI security.

For most organizations, GPT‑5.5 with Trusted Access for Cyber and Codex Security remains the recommended entry point, with GPT‑5.5‑Cyber reserved for defenders requiring the highest capability tier with enhanced monitoring and scoped controls.

OpenAI’s announcement signals a fundamental shift in the cybersecurity threat model. The historical bottleneck of finding vulnerabilities has given way to a new challenge: patching them at scale.

With Daybreak unifying frontier AI models, Codex Security workflows, open-source partnerships, and critical infrastructure collaboration, OpenAI is positioning AI-driven remediation, not just detection, as the next frontier in cyber defense.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.