How GPT‑5.5‑Cyber Beats Mythos 5 in CyberGym Benchmarks

OpenAI announced an expansion of its Daybreak security program, releasing the full‑version GPT‑5.5‑Cyber model, an updated Codex Security plugin, the Patch the Planet project, and the Daybreak Cyber Partner Program.

Benchmark Performance

The updated GPT‑5.5‑Cyber scored 85.6% on the CyberGym benchmark, exceeding GPT‑5.5’s 81.8% and Anthropic’s Mythos 5 (83.8%). On two additional high‑difficulty security benchmarks, GPT‑5.5‑Cyber achieved 39.5% on ExploitGym (vs. 25.95% for GPT‑5.5) and 69.8% on SEC‑bench Pro (vs. 63.1% for GPT‑5.5). These figures represent the highest single‑model scores reported for each benchmark.

Model Capabilities

GPT‑5.5‑Cyber is positioned for advanced, authorized cybersecurity work. It retains the general‑purpose intelligence of GPT‑5.5 while reducing unnecessary refusals and extending deep analysis across large codebases: identifying security‑relevant components, tracing vulnerable code paths, validating issues in controlled environments, generating patches, and preparing evidence for human review. The goal is to enable defenders to complete the full remediation loop rather than merely surface more vulnerabilities.

Codex Security Plugin

Since its research preview in March, the Codex Security cloud service has scanned over 30 million commits across more than 30 k repositories. Human reviewers have marked over 70 k findings as fixed, with another 500 k automatically classified as resolved. The plugin now supports out‑of‑the‑box defensive workflows: deep scans, recent‑change reviews, severity‑ranked reports, attack‑path tracing, threat‑model generation, and automated patch creation. Users can limit scans to entire repositories, subsets, or specific commits, and export results via SARIF, CodeQL, or integrate with existing vulnerability‑management tools.

Patch the Planet Initiative

Co‑launched with Trail of Bits and partnered with HackerOne, Calif, and open‑source maintainers, Patch the Planet funds security researchers and equips them with Codex Security and advanced models to help open‑source projects move from vulnerability discovery to actual fixes. The project highlights that many widely used libraries are maintained by tiny teams; a 2022 Linux Foundation/Harvard study found 94 % of such projects are run by fewer than ten developers who produce over 90 % of new code.

Through end‑to‑end management—communication of priorities, de‑duplication, verification, and patch submission—Patch the Planet reduces maintainer burden and accelerates remediation. Early sprints have uncovered hundreds of issues, merged dozens of patches, and built reusable fuzzing, differential testing, and specification‑based testing workflows.

Daybreak Cyber Partner Program

The program lets security partners embed the trusted‑access GPT‑5.5‑Cyber model into their products and services, extending advanced defensive capabilities to more organizations while retaining control over model access. OpenAI collaborates with U.S. government entities (CAISI, ONCD, OSTP) to align deployments with emerging regulations and standards.

Outlook

OpenAI emphasizes that the real test lies in real‑world vulnerability discovery, noise filtering, actionable issue identification, and safe remediation. Ongoing coordinated‑disclosure work will continue to evaluate the model in complex codebases and production workflows. The broader vision is to move beyond “finding more bugs” toward a more secure software ecosystem and stronger cyber‑resilience worldwide.