OpenAI has unveiled Daybreak, a new cybersecurity platform that uses AI to find vulnerabilities, verify patches, and model potential attacks before hackers can exploit them. The company is effectively entering direct competition with Anthropic and its Glasswing project.
A new initiative focused on improving cybersecurity was announced by OpenAI. The effort, named Daybreak, uses the capabilities of both OpenAi’s AI models (including Codex Security) and other partner security tools to assist companies in identifying and resolving vulnerabilities in their systems before hackers can utilize those vulnerabilities.
OpenAI explained that Daybreak will enable users to incorporate security testing as part of the development of their software. Upon receiving source code from a user, Daybreak will create a threat model based on the source code provided in the repository; identify the top ten most likely attack vectors; verify the existence of any vulnerabilities within the identified attack vectors; test solutions to each vulnerability in an isolated sandbox environment; and provide users with results detailing whether any of the proposed solutions worked.
In addition, OpenAI indicated that “we’ve combined ‘the intelligence’ of our models, ‘the extensibility’ of Codex as an agent-based tool, and ‘our partners across the security continuum’ to make the world safer for everyone.”
According to OpenAI, defenders will be able to secure audit code; model threats; validate patches; analyze dependency risks; and identify and remediate security issues during the development of products through the use of Daybreak.
Similar to how Anthropic Mythos utilizes AI for defensive purposes rather than attacking, the only people who may obtain access to Daybreak at this point in time is upon application for vulnerability scans or contacting the sales team.
There are three different models that comprise Daybreak. There is GPT-5.5 that serves as a base model with typical security controls for common tasks. GPT-5.5 with Trusted Access for Cyber provides a model specifically for proven defense scenarios in controlled environments. Lastly, GPT-5.5-Cyber is intended for red team operations, pentesting, and controlled security testing.
Trusted Access for Cyber has attracted several prominent companies, such as Akamai, Cisco, Cloudflare, CrowdStrike, Fortinet, Oracle, Palo Alto Networks, and Zscaler. OpenAI also reported that they are working with government and industry partners to develop additional “cyber-capable” models.
The introduction of Daybreak coincides with an explosion of AI-based tools being introduced into the security space. These types of systems have greatly increased the rate at which hidden vulnerabilities may be found. Tasks that were once considered time-consuming and resource-intensive may now be completed far more rapidly.
However, these advancements in technology are beginning to present challenges within the industry. For example, in March HackerOne temporarily halted their bug bounty program stating that the amount of new vulnerabilities and the pace at which they could be located utilizing AI were outpacing the ability of open-source developers to repair problems.
Additionally, another problem that has developed is referred to as “triage fatigue”. Due to the high volume of vulnerability reports received by developers many of which appear legitimate but were fabricated by generative models, developers are overwhelmed by having to assess numerous reports.
