OpenAI is expanding its Daybreak cybersecurity initiative with an updated Codex Security plugin, the full GPT-5.5-Cyber model, and a partner network of more than 25 security firms and several governments.
Anthropic recently made a similar point, and OpenAI agrees. The real bottleneck in cybersecurity has moved from finding flaws to actually patching them. To close that gap, OpenAI is shipping an updated Codex Security plugin that covers the full pipeline from discovery to patch generation, along with the full release of GPT-5.5-Cyber, a specialized model that sets new highs on security benchmarks. OpenAI also launched an open-source patching initiative and a partner program with more than 25 security firms.
Codex Security update closes the loop from discovery to patch
The Codex Security plugin shipped as a research preview back in March. Since then, it's scanned over 30 million commits across more than 30,000 codebases, OpenAI says. Over 500,000 findings were automatically flagged as fixed, and human reviewers manually confirmed another 70,000.
OpenAI wants the updated plugin to act like a security engineer sitting next to every developer. It analyzes code alongside a threat model, spots flaws, checks whether affected code is actually reachable, builds a targeted patch, and verifies the result.
