OpenAI’s Daybreak Uses Codex Security to Hunt Software Vulnerabilities

OpenAI wants its AI agents to hunt for software flaws before attackers do.

The company on May 11 launched Daybreak, a new initiative that uses AI agents to help organizations detect, validate, and fix software vulnerabilities earlier in the development process. The initiative brings together OpenAI models, Codex Security, and security partners to move cyber defense work closer to where software is built.

The launch also puts OpenAI more directly in competition with Anthropic, which has promoted Claude for cyber defense through projects such as Claude Mythos and Project Glasswing.

OpenAI brings AI agents into security work

OpenAI said in its official announcement that Daybreak was designed to help defenders integrate secure code review, threat modeling, patch validation, dependency risk analysis, detection, and remediation guidance into everyday development workflows.

“Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across the security flywheel to help make the world safer for everyone,” OpenAI stated.

Daybreak is meant to help teams move from finding vulnerabilities to validating and fixing them faster.

The cybersecurity platform uses Codex Security to scan repositories, build editable threat models, identify realistic attack paths, validate vulnerabilities in isolated environments, and propose fixes. OpenAI said the system can reduce hours of analysis to minutes and return audit-ready evidence to customer systems.

Access to Daybreak appears limited for now, and OpenAI is asking interested organizations to request a vulnerability scan or contact its sales teams.

Daybreak uses specialized OpenAI models

OpenAI said Daybreak uses several model configurations for different cyber defense needs. It is built on three models: GPT-5.5, GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber. 

GPT-5.5 supports general-purpose work, while GPT-5.5 with Trusted Access for Cyber is intended for verified defensive work in authorized environments. The company also listed GPT-5.5-Cyber for more specialized authorized workflows, including red teaming, penetration testing, and controlled validation.

Several security and infrastructure companies are already part of OpenAI’s Trusted Access for Cyber program. OpenAI listed Akamai, Cisco, Cloudflare, CrowdStrike, Fortinet, Oracle, Palo Alto Networks, and Zscaler among the partners working with these capabilities.

AI cyber defense race picks up speed

Daybreak arrives as AI-assisted security research changes the pace of vulnerability discovery. 

The Hacker News reported that AI tools can surface latent security issues faster than traditional manual work. That speed can help defenders, but it can also pressure patching teams and increase triage fatigue. 

The launch also places OpenAI closer to Anthropic’s AI security push. 

Engadget described Daybreak as OpenAI’s response to Anthropic’s Claude Mythos and Project Glasswing, which have been promoted for cyber defense work. In April, Mythos helped Mozilla find and patch 271 vulnerabilities in Firefox. 

With Daybreak, OpenAI is pushing its AI tools deeper into day-to-day security work, where teams need fast findings, clear evidence, and tight controls before they act.

Learn why OpenAI’s newest cybersecurity model is arriving in Europe and what it could mean for banks, businesses, and critical infrastructure.