VYPR
Advisory · Published Jun 22, 2026 · Updated Jun 23, 2026 · 2 sources

OpenAI Releases GPT-5.5-Cyber Update, Launches 'Patch the Planet' Open-Source Bug-Hunting Initiative

OpenAI released an updated GPT-5.5-Cyber vulnerability-finding model, expanded its Daybreak partner program, and launched Patch the Planet to help secure 30 open-source projects.

OpenAI announced a flurry of cybersecurity-related AI news on Monday, releasing an improved version of GPT‑5.5‑Cyber, its most advanced vulnerability-finding model, along with an expanded partner program for cybersecurity vendors, an update to its Codex Security scanner, and an initiative to “Patch the Planet” – or at least 30 high-profile open source projects.

The updated GPT‑5.5‑Cyber outperformed the preview model across three benchmarks. On CyberGym, which tests reproduction of known vulnerabilities, it reached 85.6% success versus 81.8% for GPT‑5.5. On ExploitGym, which measures the ability to turn vulnerabilities into working exploits, it scored 39.5% compared to 25.95%. On SEC-bench Pro, which evaluates long-horizon vulnerability discovery and proof-of-concept generation, it hit 69.8% versus 63.1%. OpenAI said the model can sustain deeper analysis across large codebases, tracing whether vulnerable code is reachable, validating issues in controlled environments, and developing patches.

OpenAI also expanded its Daybreak Cyber Partner Program to roughly 30 security vendors and service providers, giving them exclusive access to the updated GPT‑5.5‑Cyber model for integration into customer-facing defensive products. The company said it plans to add more organizations to the elite group in the coming months. The announcement comes as Anthropic’s Mythos model faces national security concerns that have complicated defenders' ability to use that AI company’s most advanced models.

On the open-source front, OpenAI launched Patch the Planet, an initiative co-founded with Trail of Bits and launched in collaboration with HackerOne and AI-powered bug-hunting outfit Calif. The program provides participating open-source projects with ChatGPT Pro, conditional access to the Codex Security scanner, and API credits for core development and maintainer automation. Maintainers define their priorities and disclosure processes, while Patch the Planet security researchers manage the work end-to-end, validating and deduplicating vulnerabilities and patches before they reach maintainers.

Trail of Bits reported that in the first week alone, Patch the Planet uncovered hundreds of bugs, generating 64 pull requests and 51 issues filed across 19 projects. The 19 projects include cURL, NATS, pyca, Sigstore, aiohttp, the Go project, freenginx, Python and python.org, urllib3, PyPI, SimpleX, Valkey, and RustCrypto. More than 30 projects have joined so far, and maintainers can apply to join. Highlights include using GPT-5.5-Cyber to build a full-scale fuzzing lab in under a day – an effort that would have taken human experts two or three weeks – and using Codex to build a CVE variant analysis pipeline in less than a day.

OpenAI also released a Codex Security plugin that enables out-of-the-box defensive security workflows, allowing developers to integrate Codex into their CI/CD pipelines. The scanner, released as a research preview in March, has scanned more than 30 million commits across more than 30,000 codebases. Human reviewers have manually marked about 70,000 findings as fixed, and AIs have auto-determined that more than 500,000 findings are fixed. The new plugin can triage and validate existing findings from scanners, advisories, bug-bounty reports, or ticketing systems, then automate patch generation at scale to close backlogs of vulnerabilities.

OpenAI gave assurances that it has had an ongoing dialogue with the US government about its latest model and upcoming releases, hoping to insulate the company against surprise export controls. The announcements come amid a general feeling of FUD around AI cyberattacks and the impending vulnpocalypse, as the Five Eyes intelligence alliance recently warned that advanced AI models capable of autonomous hacking will become publicly available within months.

Separately, OpenAI released the full version of GPT-5.5-Cyber, a specialized model achieving scores of 85.6% on CyberGym and 39.5% on ExploitGym, along with an updated Codex Security plugin that has resolved over 500,000 findings across 30,000 codebases. The company also launched the Patch the Planet initiative with Trail of Bits, enlisting 30+ open-source projects including cURL, Go, and Python to close the remediation gap, and confirmed Trusted Access partnerships with Australia, France, Germany, Japan, and EU bodies such as ENISA.

Synthesized by Vypr AI