OpenAI says new GPT-5.5-Cyber outperforms Anthropic’s Mythos on cybersecurity benchmark


By AI Maestro, June 23, 2026

OpenAI has released GPT-5.5-Cyber, a model that scores higher than Anthropic’s Mythos 5 on specific cybersecurity benchmarks, and updated its Codex Security plugin to automate the full workflow from flaw detection to patch generation.

The shift from finding flaws to fixing them

The primary bottleneck in cybersecurity has moved past identifying vulnerabilities. The real challenge now lies in actually patching them. To address this, OpenAI is shipping an updated Codex Security plugin that covers the entire pipeline up to patch creation. This release also marks the full availability of GPT-5.5-Cyber after it left its preview phase. The company has simultaneously launched an open-source patching initiative and a partner program involving more than 25 security firms.

Codex Security update closes the loop from discovery to patch

The Codex Security plugin launched as a research preview in March. Since then, it has scanned over 30 million commits across more than 30,000 codebases. Over 500,000 findings were automatically flagged as fixed, while human reviewers manually confirmed another 70,000.

OpenAI wants the updated plugin to act like a security engineer sitting next to every developer. It analyzes code alongside a threat model, spots flaws, checks whether affected code is actually reachable, builds a targeted patch, and verifies the result.

New features include deep scans of entire codebases, attack path analysis, and export to existing vulnerability management systems through SARIF files or CodeQL queries. The plugin can also triage findings from other scanners or bug bounty reports and automate patch generation in batch mode. Humans still sign off on every change.

GPT-5.5-Cyber stays locked to vetted defenders

The full version of GPT-5.5-Cyber replaces an earlier preview that mostly aimed to cut unnecessary refusals in security workflows. OpenAI calls the updated model the most capable single model for finding and patching software flaws.

GPT-5.5-Cyber leads on all key cybersecurity benchmarks. CyberGym measures whether an agent can reproduce known flaws in software environments. ExploitGym tests whether agents can turn vulnerabilities into working exploits. SEC-bench Pro evaluates long-term vulnerability discovery.

| Model | CyberGym | ExploitGym | SEC-bench Pro |
| --- | --- | --- | --- |
| GPT-5.5-Cyber | 85.6% | 39.5% | 69.8% |
| Mythos 5 | 83.8% | | |
| GPT-5.5 | 81.8% | 25.95% | 63.1% |
| GPT-5.4 | 79.0% | | |
| Claude Opus 4 | 73.1% | | |

The latest version of GPT-5.5-Cyber is deliberately more permissive than standard models and refuses fewer requests. But only verified defenders can access it, and OpenAI ties that access to verification, monitoring, and guardrails. Most users should stick with GPT-5.5 paired with Trusted Access for Cyber and Codex Security.

Over 25 security firms and several governments join the program

Through the Daybreak Cyber Partner Program, security companies can plug GPT-5.5 with Trusted Access for Cyber into their own products. Partners include Cisco, CrowdStrike, Cloudflare, Palo Alto Networks, IBM, Fortinet, Wiz, SentinelOne, Darktrace, Palantir, Accenture, PwC, and KPMG.

OpenAI is also expanding its government work. The company says it has Trusted Access partnerships with Australia, Canada, France, Germany, Japan, South Korea, the EU agency ENISA, and the UK. In the US, OpenAI is working to carry out a recently issued executive order on AI security and plans to collaborate directly with critical infrastructure operators.

OpenAI also launched Patch the Planet together with Trail of Bits, HackerOne, and Calif to bring the same patching tools to open-source software. More than 30 open-source projects have signed on, including cURL, Go, Python, Sigstore, and pyca/cryptography. Security researchers work with maintainers to validate and deduplicate flaws and patches before anything gets merged. A first five-day sprint turned up hundreds of issues and led to dozens of merged patches.

What it means

For developers and security teams, the change is practical. The new plugin removes the manual step of writing patches after a scanner finds a bug. It handles the technical work of generating the fix, leaving humans to review and approve the change. The high scores on benchmarks suggest the model can handle complex exploitation scenarios better than previous tools, though access remains restricted to verified organisations.
