OpenAI Launches GPT-5.5-Cyber and Patch the Planet Initiative to Fix Open Source Vulnerabilities at Scale

OpenAI's Three-Pronged Cyber Security Expansion

OpenAI on June 22 expanded its Daybreak cybersecurity initiative with three major releases: the full version of GPT-5.5-Cyber, a specialised defensive security model; a Codex Security plugin that embeds vulnerability scanning directly into developer workflows; and Patch the Planet, an ambitious program to systematically find and fix bugs in widely used open-source software.

The launch is widely viewed as a direct response to Anthropic's Glasswing security platform. OpenAI's approach is developer-centric, focusing on embedding security into the software development lifecycle rather than deploying standalone monitoring tools.

GPT-5.5-Cyber: Specialised Defensive Capabilities

GPT-5.5-Cyber achieved an 85.6 percent score on the CyberGym benchmark, significantly outperforming the standard GPT-5.5 model which scored 81.8 percent. The model is restricted to trusted defenders through OpenAI's Trusted Access for Cyber program, which reduces automated safety refusals for approved defensive tasks including secure code review, vulnerability triage, malware analysis, red teaming, and penetration testing.

The Trusted Access system continues to block credential theft, stealth operations, persistence mechanisms, and malware deployment, ensuring the model's capabilities remain in defensive hands.

Codex Security Plugin: Vulnerability Scanning in Developer Workflows

The new Codex Security plugin integrates security workflows directly into any Codex interface, allowing developers to move from threat modelling through discovery, validation, attack-path analysis, and verified fixes without leaving the tool. This represents a significant shift from traditional security tools that require developers to switch contexts between coding and security scanning.

Early testing demonstrated that the plugin could identify and patch vulnerabilities in real time during code reviews, potentially reducing the average time between vulnerability discovery and patch deployment from weeks to hours.

Patch the Planet: Systematic Open Source Bug Hunting

Patch the Planet is perhaps the most ambitious component. OpenAI partnered with Trail of Bits, a leading cybersecurity research firm, to systematically scan and patch vulnerabilities across critical open-source infrastructure. The initiative has already identified hundreds of security issues across Linux, cURL, Python, and more than 30 other widely deployed open-source projects.

Unlike traditional bug bounty programs that rely on individual researchers, Patch the Planet uses an automated, AI-driven approach that can scan entire codebases, identify vulnerability patterns, generate patches, and validate fixes at unprecedented scale.

India Impact: Implications for Developers and Cybersecurity

For Indian developers and technology companies, these tools could significantly improve software security practices. India's IT services sector, which employs over 5 million professionals, stands to benefit from automated vulnerability scanning integrated into existing development workflows. The democratisation of advanced vulnerability detection could level the playing field for smaller Indian tech companies.

Sources

Sources: OpenAI Official Blog, MLQ News, SecurityBrief Australia, The Verge, TechCrunch