Industry
Ilya Kabanov

OpenAI Daybreak wraps GPT-5.5, Codex Security, and many promises

TL;DR OpenAI's Daybreak wraps GPT-5.5 and Codex Security into three access tiers, including a KYC-gated GPT-5.5-Cyber preview for authorized red teaming. It's the only frontier-lab cyber offering a buyer can engage on today. But not everyone is excited about it.

A quick game first. Can you guess the labs below?

The 'we are not evil' lab.

We have a model so dangerous our own engineers cannot keep it on a leash. It blackmails them. We are not showing it yet.

The 'we are big' lab.

We just caught an unnamed criminal group that used an LLM (definitely not ours) to compromise 2FA on an unnamed product through an undisclosed mechanism. By the way, we have two super-powerful projects that can find security bugs and fix them. We cannot show them yet, so please use our beautiful slides to defend yourself in the meantime.

The 'everyone says we are evil' lab.

We already have a cybersecurity product in GA. We released a new model with tiered access for cyber defenders. Today, we are announcing how we stitch it all together.

OpenAI announced Daybreak.

Highlights:

  • Daybreak, a program that combines GPT-5.5, Codex Security as an agentic harness, and partners across the 'security flywheel.'
  • The trusted tiers include verified defenders for defensive tasks, doing secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation, and a smaller group for authorized red teaming, penetration testing, and controlled validation.
  • One partner endorsement at launch. Cloudflare CTO Dane Knecht supplies the quote. OpenAI says it will work with 'industry and government partners' in the coming weeks to iteratively deploy more cyber-capable models.

My take:

  1. GPT-5.5 is powerful. AISI evaluated it across 95 narrow cyber tasks and two cyber range simulations, where it hit 71.4% on expert-tier CTFs and became the second model after Anthropic's Mythos Preview to complete the 32-step end-to-end intrusion in The Last Ones simulation.
  2. OpenAI is doubling down on enterprises, and cybersecurity is a strong play.
  3. Finding bugs and even fixing the critical but straightforward ones is becoming less of a bottleneck. The real battleground is coordination headwind and ownerless code.
  4. OpenAI talks about partners, but I haven't seen public endorsements so far. Interestingly, neither @Cloudflare nor Dane Knecht, who were featured as partners, posted or reposted the Daybreak announcement on X. Similar silence from other security vendors (CrowdStrike, Palo Alto, SentinelOne, Wiz, Snyk, Microsoft Security, GitHub Security, Tenable, Rapid7, Mandiant, HackerOne, Bugcrowd). Are they uncomfortably excited? Or maybe not that much.
  5. The sharpest skeptical reply on X, from @mikemichelin: "'AI writing the code / AI defending the code' only works if the audit trail is excellent. Otherwise you just created a faster way to generate mystery meat." Actually, it never works.

Sources:

OpenAI, Daybreak: Frontier AI for cyber defenders (May 12, 2026)