23.06.2026
4 min
24
OpenAI has expanded its Daybreak cybersecurity initiative, designed to help organizations identify and fix software vulnerabilities more quickly. At the same time, experts warn that the industry may soon face a new challenge: artificial intelligence is approaching the point where it can discover security flaws faster than human teams can verify and patch them.
The updated Daybreak platform combines new AI-powered security tools, industry partnerships, and specialized cybersecurity models. OpenAI says that through Codex Security, the Patch the Planet program, GPT-5.5-Cyber, and the Daybreak Cyber partner network, companies, government agencies, researchers, and developers will be able to use AI to meaningfully reduce cyber risks.
Major industry players have already joined the initiative, including CrowdStrike, Cloudflare, Cisco, Oracle, Palo Alto Networks, and several other cybersecurity firms.
OpenAI describes the approach as a “full-cycle remediation” process. According to the company, the new GPT-5.5-Cyber model, working alongside the Codex Security agent, can analyze source code, identify vulnerabilities, validate patches, examine dependencies, and recommend fixes within a single workflow.
However, not everyone shares the company’s optimism. Action1 Chief Technology Officer Gene Moody warns that automation should not be viewed as a universal solution.
“AI-powered patching is often presented as the inevitable future of vulnerability management. But without understanding the business context, AI cannot reliably determine what needs to be fixed immediately, what can be postponed, and what might actually disrupt critical business operations,” Moody explained.
According to Moody, the “fix everything” approach overlooks the fact that cybersecurity risks are not purely technical. Automatically deploying patches without proper oversight can lead to system instability, configuration conflicts, technical debt, and other operational issues. Another growing concern is that the industry’s biggest challenge may soon shift from finding vulnerabilities to fixing them fast enough.
OpenAI CEO Sam Altman has previously said that Daybreak was designed to accelerate cyber defense and provide continuous software protection. However, a growing number of experts believe the industry is approaching a point where AI-powered tools will discover thousands of new vulnerabilities faster than security teams can process them.
HackerOne Chief Product Officer Nidhi Aggarwal believes the real bottleneck now begins after vulnerabilities have been identified.
“We will continue to see new models emerge that uncover more legitimate vulnerabilities. But the biggest challenges facing the industry today come down to two things.”
First, most organizations are not yet prepared to safely integrate these models into their existing workflows. Effective deployment requires access controls, evaluation frameworks, and integration with established security processes.
Second, once vulnerabilities are discovered, security teams still need to determine which ones are genuine threats, assess their business impact, and quickly route them to the appropriate teams for remediation.
The launch of Daybreak also intensifies the cybersecurity rivalry between OpenAI and Anthropic. In April, Anthropic introduced Claude Mythos and its public counterpart, Fable 5, which became the first frontier AI models specifically designed to discover software vulnerabilities.
Following the release of Mythos, industry discussions increasingly focused on the possibility that powerful AI systems could significantly alter the balance between defenders and attackers. In June, the U.S. government even banned the use of Mythos and Fable 5 across federal agencies over concerns about potential misuse.
At the same time, some experts caution against overstating the capabilities of artificial intelligence. Singulr AI Chief Security and Strategy Officer Richard Bird argues that AI will not become a magic solution for cybersecurity.
“There is a growing narrative that artificial intelligence will somehow solve cybersecurity. That simply is not going to happen.”
According to Bird, AI primarily exposes long-standing issues that organizations have struggled with for years, including poor visibility, weak governance, fragmented controls, and inconsistent policy enforcement. He believes the companies that benefit most from AI will not be those with the most advanced models, but those that maintain operational control while using them.
Moody also warned that the volume of vulnerabilities identified by AI could soon exceed software vendors’ ability to produce and maintain reliable patches. In addition to Daybreak, OpenAI announced the date for its annual OpenAI DevDay 2026 conference.
