OpenAI on Monday said it’s releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month.
Calling GPT‑5.5‑Cyber its “strongest model yet for finding and helping patch software vulnerabilities,” OpenAI said the model can “sustain deeper analysis across large codebases” to identify security issues, validate them in a controlled environment, and develop and test patches.
In tandem, the tech upstart is releasing an update to the Codex Security plugin to speed up the process of discovering and patching vulnerabilities in existing systems, alongside preventing new vulnerabilities from entering production codebases.
“Developers can run deep scans or review recent changes, generate reports with severity, affected code locations, validation evidence, and remediation guidance, trace attack paths, build threat models, validate findings, and generate codebase-specific patches for review,” OpenAI said.
On top of that, the plugin can triage and validate existing findings from scanners, advisories, bug-bounty reports, or ticketing systems, and then facilitate patch generation at scale to quickly close a backlog of vulnerabilities.
OpenAI is also launching a new initiative called Patch the Planet in partnership with Trail of Bits to help secure open-source projects. Initial participants include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org.
These moves come as frontier models from Anthropic and OpenAI are accelerating vulnerability discovery, leaving software maintainers overwhelmed with an ever-increasing volume of bugs that need to be verified, triaged, and patched. While previously the challenge lay in finding vulnerabilities, the bottleneck has now shifted to patching them.
AI models come with capabilities to navigate large codebases, reason through attack paths, and flag security issues that might have otherwise stayed hidden. Case in point is a 29-year-old flaw in the Squid web proxy (CVE-2026-47729, aka Squidbleed) that can leak cleartext HTTP requests belonging to other users under certain conditions.
Cyber experts have also raised concerns that more advanced AI models are turbocharging bad actors’ abilities to take advantage of security vulnerabilities, forcing the industry to plug the holes almost as soon as they are discovered.
“Threat actors with limited technical expertise can use publicly available AI models for malicious purposes,” the Canadian Centre for Cyber Security said in guidance released in May 2026. “Organizations should assume that AI-driven exploitation may bypass preventative controls, significantly outpace vendors’ capacity to publish corrective measures and challenge the organization’s ability to deploy.”
Patch the Planet aims to reduce this undue burden placed on maintainers by letting security engineers review and validate…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
