GPT-5.5-Cyber is OpenAI's first specialized frontier model for cybersecurity, scoring a record 85.6% on CyberGym — and paired with the Patch the Planet initiative, it's already merged 37 pull requests fixing real vulnerabilities across the open-source ecosystem in just one week.
For years, finding software vulnerabilities required rare expertise, deep codebase familiarity, and painstaking manual analysis. Then AI got good at finding them — so good that defenders became overwhelmed by the sheer volume of reports. Now OpenAI has crossed a new threshold with GPT-5.5-Cyber, a model that doesn't just find bugs — it patches them automatically. And with the Patch the Planet initiative, it's doing so at planetary scale.
Here's what GPT-5.5-Cyber can actually do, how Patch the Planet works, and why this marks a fundamental shift in AI-powered cybersecurity.
## What Is GPT-5.5-Cyber?
Announced as part of OpenAI's broader Daybreak initiative on June 22, 2026, and expanded from a limited preview on May 7, GPT-5.5-Cyber is the company's first model purpose-built for authorized defensive cybersecurity work. It retains the full general intelligence of GPT-5.5 but removes unnecessary refusals for verified defenders working in authorized environments.
Access comes in three tiers designed for different security postures:
Since June 1, 2026, anyone accessing permissive models must have Advanced Account Security (phishing-resistant MFA) enabled, reflecting the dual-use nature of these powerful capabilities.
## Benchmark Performance: A New Frontier
GPT-5.5-Cyber set new state-of-the-art scores across all major cybersecurity benchmarks. The gap is especially significant on ExploitGym, where it generates working exploits from vulnerability descriptions at a rate of nearly 40%, a category where earlier models struggled to reach even half that rate.
The model can navigate codebases exceeding 30 million lines of code, trace complex attack paths, validate exploitability, and — crucially — generate targeted patches with remediation evidence. This represents a complete end-to-end workflow: discover, validate, patch, and verify.
Video: OpenAI's Daybreak expansion shifts cybersecurity from bug discovery to verified patching at scale. Credit: KrebbiClaw.
## Patch the Planet: Fixing Open Source at Scale
OpenAI didn't just release a model — it launched Patch the Planet, a funded initiative co-founded with Trail of Bits in collaboration with HackerOne and Calif, to address a structural crisis in open-source security.
The problem is stark: according to Harvard and the Linux Foundation, 94% of widely used open-source projects have fewer than 10 developers responsible for more than 90% of the code added annually. AI now finds vulnerabilities faster than these tiny maintainer teams can possibly patch them.
Patch the Planet bridges that gap by funding expert security researchers — equipped with Codex Security and advanced AI models — to work directly with maintainers. Every vulnerability is validated by a human security engineer before reaching the maintainer.
### Week 1 Results
The numbers from the first five-day sprint are remarkable:
- **64 pull requests** filed across 19 projects
- **51 issues** filed — 19 already closed
- **37 PRs already merged** into production code
Initial participants include cURL, Go, Python, Sigstore, pyca/cryptography, NATS Server, aiohttp, freenginx, urllib3, PyPI, SimpleX, Valkey, and RustCrypto — the backbone of the modern internet.
### Real Vulnerabilities Found and Fixed
Patch the Planet isn't finding toy bugs. In its first week alone, researchers using GPT-5.5-Cyber and Codex Security uncovered:
- **Linux Kernel:** 8 pointer-leak proof-of-concepts, 24 local privilege escalation (LPE) exploits
- **OpenBSD:** A **23-year-old use-after-free bug** in System V semaphores
- **FreeBSD:** 34 confirmed vulnerabilities including 7 LPE proofs-of-concept
- **Chrome V8:** 5 exploitable bugs, 3 remediated within days of introduction
- **Safari WebKit:** 10+ exploitable vulnerabilities found in roughly one week
- **Firefox:** CVE-2026-8390 (WebAssembly use-after-free) patched 2 days before Pwn2Own Berlin
- **dnsmasq:** Codex independently flagged 4 of 6 CVEs fixed in version 2.92rel2
Perhaps most stunning: an HTTP/2 Bomb denial-of-service technique affecting over 880,000 internet-facing servers — including NGINX, Apache, IIS, and Pingora — was discovered and disclosed through the initiative.
## Government Backing and the Competitive Landscape
GPT-5.5-Cyber has strong government support. OpenAI collaborates with CAISI (the Center for AI Standards & Innovation) for pre-deployment testing, plus the ONCD and OSTP at the White House level. Trusted Access for Cyber has been established with 9+ countries and organizations, including Australia, Canada, France, Germany, Japan, the Republic of Korea, and the EU (ENISA).
This alignment with President Trump's June 2, 2026 Executive Order on AI positions OpenAI at the center of national security policy.
Meanwhile, Anthropic's Mythos 5, GPT-5.5-Cyber's closest competitor, was effectively pulled from the market on June 12 when the US government suspended access for all foreign nationals due to export control concerns. Anthropic publicly disagreed with the decision. The net effect: OpenAI now has a clear runway as the dominant player in AI-powered cybersecurity.
Video: Expert analysis of the OpenAI vs. Anthropic race for AI-powered cybersecurity dominance. Credit: Promise & Risk of AI.
## The Daybreak Cyber Partner Program
Beyond direct model access, OpenAI's Daybreak Cyber Partner Program enables 28+ security vendors to embed GPT-5.5 with Trusted Access for Cyber into their products. Partners include Cisco, Cloudflare, CrowdStrike, Palo Alto Networks, SentinelOne, Wiz, Zscaler, IBM, Accenture, and Darktrace, among others.
## Why This Matters
The cybersecurity industry has spent decades trying to find vulnerabilities faster. Now AI has solved that problem — and created a new one: who patches all the bugs the AI finds? GPT-5.5-Cyber and Patch the Planet represent OpenAI's answer. As OpenAI puts it, "finding vulnerabilities is important, but it's landing the fix that protects the world."
With 30,000+ codebases scanned by Codex Security, 70,000+ human-verified fixes, and partnerships spanning three continents, GPT-5.5-Cyber isn't a research experiment — it's production infrastructure. The next time a critical library gets a security patch, GPT-5.5-Cyber likely helped find it, validate it, and write the fix.
## Frequently Asked Questions
### What is GPT-5.5-Cyber?
GPT-5.5-Cyber is OpenAI's first specialized frontier model for cybersecurity. It's designed for authorized defensive security work, capable of navigating large codebases, finding vulnerabilities, and generating patches autonomously.
### How does Patch the Planet work?
Patch the Planet is a funded initiative co-founded with Trail of Bits that equips human security researchers with Codex Security and advanced AI models. Researchers validate, deduplicate, and patch vulnerabilities in critical open-source projects before burdening the maintainers.
### How does GPT-5.5-Cyber compare to Anthropic's Mythos 5?
GPT-5.5-Cyber scored 85.6% on CyberGym versus Mythos 5's 83.8%. However, Mythos 5 was effectively removed from the market on June 12, 2026, due to a US government export control directive, leaving OpenAI as the dominant player in AI-powered cybersecurity.
### Is GPT-5.5-Cyber available to everyone?
No. The most permissive version (GPT-5.5-Cyber) is strictly limited to vetted defenders. Most organizations should start with GPT-5.5 with Trusted Access for Cyber (TAC), which offers reduced refusals in authorized environments. Since June 1, 2026, all users of permissive models must have Advanced Account Security (phishing-resistant MFA) enabled.
### What vulnerabilities did Patch the Planet find in its first week?
Highlights include a 23-year-old use-after-free bug in OpenBSD, 8 pointer-leak PoCs and 24 LPE exploits in the Linux kernel, 34 confirmed vulnerabilities in FreeBSD, and an HTTP/2 Bomb DoS affecting 880,000+ internet-facing servers. More details are in the Trail of Bits announcement.
Additional sources: OpenAI Daybreak Announcement, Trail of Bits Patch the Planet announcement, Axios, Cybersecurity News.