Feature

OpenAI launches Daybreak cybersecurity platform as AI defence race accelerates

OpenAI has launched Daybreak, a new cybersecurity initiative designed to help organisations find, prioritise and fix software vulnerabilities before attackers can exploit them.

The platform brings together OpenAI’s frontier models, Codex Security and security partners to analyse software, identify realistic attack paths, generate patches, test fixes and return documentation that can support audits and internal remediation workflows. OpenAI describes Daybreak as part of a broader push to make security a built-in part of software development rather than something bolted on after code has already shipped.

Daybreak arrives as major AI companies race to position their models as tools for defensive cybersecurity. The launch puts OpenAI in direct competition with Anthropic’s Project Glasswing, which is built around Claude Mythos Preview, an unreleased model Anthropic says can find and exploit software vulnerabilities at a level surpassing all but the most skilled human researchers.

OpenAI says Daybreak is designed to help security teams focus on high-impact issues, reduce long analysis cycles, patch safely at scale, and verify that fixes have worked. The company is currently asking interested organisations to request a vulnerability scan or contact its sales team, suggesting access remains limited rather than broadly public.

The initiative uses three tiers of model access. Standard GPT-5.5 is intended for general-purpose, developer and knowledge work. GPT-5.5 with Trusted Access for Cyber is designed for verified defensive workflows, including secure code review, vulnerability triage, malware analysis, detection engineering and patch validation. GPT-5.5-Cyber is reserved for more specialised authorised workflows, including red teaming, penetration testing and controlled validation.

The platform’s core workflow is built around Codex Security, OpenAI’s application-security agent. Reporting on the launch says the agent can create editable threat models based on a project’s code, examine realistic attack paths, validate potential vulnerabilities in sandboxed environments and recommend remediation steps.

OpenAI lists several major security and infrastructure companies as Daybreak users or partners, including Cloudflare, Cisco, CrowdStrike, Palo Alto Networks, Oracle, Zscaler, Akamai and Fortinet.

The launch follows OpenAI’s recent expansion of its Trusted Access for Cyber program, which gives verified security professionals and organisations access to more capable cyber tools for legitimate defensive work. The company has framed the program as a way to give defenders access to advanced capabilities while maintaining stronger safeguards around misuse.

Daybreak also comes shortly after OpenAI offered the European Union access to its cybersecurity tools as part of a wider cyber action plan. Reuters reported that the European Commission had acknowledged OpenAI’s offer, while Anthropic had not yet proposed comparable access to its own model capabilities.

Anthropic’s Project Glasswing has generated intense industry attention because of the claimed power of Mythos Preview. Anthropic says the model has reached a level of coding capability where it can find and exploit vulnerabilities across software at an elite level. Access has initially been restricted to selected partners and defensive use cases.

The rise of platforms such as Daybreak and Glasswing reflects a deeper change in cybersecurity. AI-assisted vulnerability research is accelerating the discovery of hidden flaws, but many organisations already struggle to fix vulnerabilities at the pace they are found. This creates a growing risk that the volume of discoveries could overwhelm maintainers, security teams and software vendors.

That pressure is worsened by the rise of AI-generated vulnerability reports that look convincing but may be wrong. Security teams increasingly face what the industry has begun calling triage fatigue, where genuine risks compete with false positives, duplicated findings and low-quality reports. Daybreak’s value will depend not only on whether it can find bugs, but whether it can help teams decide which findings matter and verify that fixes actually work.

For defenders, the promise is significant. A system that can scan code, reason about attack paths, test exploitability and generate safe patches could reduce the time between discovery and remediation. For large organisations managing sprawling software environments, that could be a meaningful advantage.

But the same capabilities also raise difficult questions. Tools powerful enough to help defenders find flaws may also point toward a future in which attackers can discover and weaponise vulnerabilities faster. That makes access controls, verification, security training and responsible deployment critical.

OpenAI’s launch of Daybreak is another sign that AI cybersecurity is moving out of research labs and into production workflows. The contest is no longer simply about which company has the most capable model. It is about which organisation can build the safest, most useful system around that model, turning raw capability into practical defence.

For businesses, developers and security teams, the message is clear: the pace of cyber defence is changing. AI may help find and fix vulnerabilities faster, but people still need to understand what those vulnerabilities mean, how attackers exploit them and how to build safer digital habits.

Knowledge is power. Upskill your cybersecurity awareness and strengthen your defensive knowledge with The Hack Academy’s online courses: https://training.thehackacademy.com/course/

Photo Credit: DepositPhotos.com

Leave a Reply

Your email address will not be published. Required fields are marked *