OpenAI has introduced Daybreak, a new cybersecurity initiative built around frontier AI models, Codex, and a partner network of security companies. The program is aimed at developers, enterprise security teams, researchers, and government-linked defenders who need to find, validate, and patch software vulnerabilities earlier in the development cycle.
OpenAI is launching Daybreak, our effort to accelerate cyber defense and continuously secure software.
— Sam Altman (@sama) May 11, 2026
AI is already good and about to get super good at cybersecurity; we'd like to start working with as many companies as possible now to help them continuously secure themselves.
Daybreak positions OpenAI’s models as part of a defensive security workflow, not just a coding assistant. It brings secure code review, threat modeling, patch validation, dependency risk analysis, detection support, and remediation guidance into Codex Security. OpenAI says the goal is to help teams identify high-impact issues, generate and test patches inside repositories, and send audit-ready evidence back into existing security systems.
The rollout is tied to OpenAI’s Trusted Access for Cyber framework. Standard GPT-5.5 remains the default model for general work, while GPT-5.5 with Trusted Access is meant for verified defenders handling secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. GPT-5.5-Cyber is being positioned as a more permissive limited-preview model for specialized authorized workflows, including red teaming, penetration testing, and controlled validation.
Find and fix vulnerabilities earlier with Daybreak pic.twitter.com/yobOSWYeWP
— OpenAI (@OpenAI) May 11, 2026
The availability is not fully public. OpenAI is asking organizations to request vulnerability scans or contact sales, while broader deployment is planned with industry and government partners in the coming weeks. The company is also tying the initiative to stronger verification, account-level controls, scoped access, monitoring, and human review, reflecting the dual-use risk of giving frontier models deeper cyber capabilities.
Daybreak also expands the role of Codex Security, OpenAI’s application security agent. Codex Security can build a codebase-specific threat model, inspect realistic attack paths, validate issues in isolated environments, and propose patches for human review. This turns the product into a more operational security layer for companies that already use Codex in software development.
OpenAI is backing the initiative with a large partner list, including Cloudflare, Cisco, CrowdStrike, Palo Alto Networks, Oracle, Zscaler, Akamai, Fortinet, Intel, Qualys, Rapid7, Tenable, Trail of Bits, SpecterOps, SentinelOne, Okta, Netskope, Snyk, Gen Digital, Semgrep, and Socket. The partner structure shows that OpenAI wants Daybreak to sit across the full security chain, from vulnerability discovery and patching to monitoring, edge protection, and software supply chain defense.
For OpenAI, Daybreak is another step in turning Codex from a developer tool into an enterprise security platform. The company is not only selling model access, but also a governed workflow for using stronger AI systems inside sensitive environments. The main bet is that verified defenders should get fewer model refusals and stronger cyber assistance, while OpenAI maintains restrictions against malicious use, such as credential theft, stealth, persistence, malware deployment, or unauthorized exploitation.
