OpenAI’s GPT‑5.5‑Cyber Detects, Patches Vulnerabilities, Beats Anthropic Mythos 5
OpenAI unveiled GPT‑5.5‑Cyber as part of its Daybreak security initiative, delivering a full‑capability model that outperforms Anthropic’s Mythos 5 on multiple security benchmarks and can autonomously discover, verify, and patch software vulnerabilities while launching the open‑source “Patch the Planet” program.
Amid an accelerating AI‑plus‑security arms race, OpenAI announced on June 22 that its Daybreak security program will ship a new “full‑blood” model called GPT‑5.5‑Cyber, together with a Codex Security plugin and a “Patch the Planet” open‑source initiative.
The upgraded model achieves a single‑model score of 85.6 % on the CyberGym benchmark, surpassing the generic GPT‑5.5’s 81.8 % . On the more demanding ExploitGym test, GPT‑5.5‑Cyber jumps to 39.5 % , a 25.95 % improvement over GPT‑5.5, and reaches 69.8 % on SEC‑bench Pro, beating the previous 63.1 % record.
OpenAI stresses that raw benchmark numbers are less important than real‑world performance. In practice, GPT‑5.5‑Cyber can close the full security loop: it analyses large codebases, identifies security‑relevant components, judges exploitability, validates findings in a controlled environment, generates fix patches, and assembles evidence for human review.
Earlier Daybreak prototypes already leveraged GPT‑5.5 and Codex Security to discover and confirm vulnerabilities in widely used software such as Firefox, V8, Safari, OpenBSD, FreeBSD, and HTTP/2 implementations.
The “Patch the Planet” plan, launched with Trail of Bits, HackerOne and other platforms, aims to alleviate the flood of AI‑generated security reports that overwhelm open‑source maintainers. The workflow lets AI filter, deduplicate, and verify reports, then produce usable patches before handing them to maintainers for final approval. In a pilot, the program uncovered hundreds of potential issues, merged dozens of patches, and built a reusable automated testing pipeline.
More than thirty open‑source projects—including cURL, Go, Python, Sigstore, and pyca/cryptography—have pledged participation, receiving benefits such as ChatGPT Pro access, Codex Security permissions, and API quota support.
The competition with Anthropic’s Mythos series highlights a shared dilemma: powerful models can serve both defensive and offensive purposes. Both firms are searching for a balance that empowers defenders while preventing misuse.
OpenAI therefore limits GPT‑5.5‑Cyber access to rigorously vetted security professionals, couples it with stricter monitoring and permission controls, and routes capabilities to enterprise customers via the Daybreak Cyber Partner Program rather than exposing a direct API.
Looking ahead, the article predicts that by the second half of 2026 the AI security battlefield will shift from “who finds more bugs” to “who can reliably and responsibly close the discovery‑to‑remediation loop,” demanding not only technical prowess but also a new kind of “security emotional intelligence.”
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
