OpenAI's gpt-5-5-cyber" class="entity-chip">GPT-5.5-Cyber beats Anthropic's Mythos on CyberGym, ExploitGym, and SEC-bench Pro. The updated model and Codex Security plugin now auto-patch vulnerabilities after scanning 30M commits.
Key facts
- GPT-5.5-Cyber beats Anthropic's Mythos on CyberGym, ExploitGym, SEC-bench Pro.
- Codex Security plugin scanned 30M+ commits across 30K+ codebases.
- 500K+ findings auto-flagged as fixed; 70K manually confirmed.
- OpenAI partners with 25+ security firms and several governments.
- Patch the Planet initiative targets open-source software bugs.
OpenAI is expanding its Daybreak cybersecurity initiative with an updated Codex Security plugin, the full GPT-5.5-Cyber model, and a partner network of more than 25 security firms and several governments. The focus shifts from finding vulnerabilities to patching them automatically. According to The Decoder
Key Takeaways
- OpenAI's GPT-5.5-Cyber beats Anthropic's Mythos on security benchmarks.
- Updated Codex plugin auto-patches after scanning 30M commits.
Codex Security update closes the loop from discovery to patch
The Codex Security plugin shipped as a research preview in March. Since then, it has scanned over 30 million commits across more than 30,000 codebases, OpenAI says. Over 500,000 findings were automatically flagged as fixed, and human reviewers manually confirmed another 70,000. The updated plugin analyzes code alongside a threat model, spots flaws, checks whether affected code is reachable, builds a targeted patch, and verifies the result. New features include deep scans of entire codebases, attack path analysis, and export to vulnerability management systems via SARIF files or CodeQL queries. Humans still sign off on every change. OpenAI blog
GPT-5.5-Cyber stays locked to vetted defenders
The full version of GPT-5.5-Cyber replaces an earlier preview that mostly aimed to cut unnecessary refusals in security workflows. OpenAI calls the updated model the most capable single model for finding and patching software flaws. GPT-5.5-Cyber leads on all key cybersecurity benchmarks, according to OpenAI. CyberGym measures whether an agent can reproduce known flaws in software environments. ExploitGym tests whether agents can turn vulnerabilities into working exploits. SEC-bench Pro evaluates long-term vulnerability discovery. The model is deliberately more permissive than standard models and refuses fewer requests, OpenAI says. Wired AI reports
The "Patch the Planet" initiative, announced alongside the model release, targets open-source software bugs. OpenAI will work with maintainers to find, validate, and fix vulnerabilities using AI and expert review. The partner program includes over 25 security firms and several governments, though OpenAI did not disclose which governments. Engadget
Anthropic recently made a similar point about the bottleneck shifting from finding flaws to patching them. OpenAI agrees, and the updated Codex plugin aims to close that gap. The comparison to Anthropic's Mythos on benchmarks is notable given Anthropic's own cybersecurity efforts — including Claude Code, which senior engineers use with 31% higher success rates than juniors, according to an Anthropic study published June 17. [per Anthropic study]
What to watch
Watch for third-party validation of GPT-5.5-Cyber's benchmark claims — independent researchers often replicate such results within 60 days. Also track whether the partner program expands beyond 25 firms and which governments join, as geopolitical tensions around AI cybersecurity tools intensify.
Source: the-decoder.com
