Can Artificial Intelligence Now Find and Fix Vulnerabilities on Its Own? Meet OpenAI GPT-5.5-Cyber!

At a time when artificial intelligence technologies are playing an increasingly important role in the cybersecurity landscape, OpenAI has officially released the full version of its GPT-5.5-Cyber model, specifically developed for cybersecurity tasks. This model possesses capabilities for vulnerability detection, exploitability assessment, security patch creation, and automated remediation of identified issues, marking a significant step forward in defensive cybersecurity.

The new model was developed under OpenAI’s Daybreak initiative, with the primary goal of equipping organizations and cybersecurity professionals with modern AI tools to more effectively defend against cyber threats.

Artificial Intelligence Built Specifically for Cybersecurity

Unlike traditional AI models, GPT-5.5-Cyber is specifically optimized for analyzing complex software projects, identifying vulnerabilities in codebases, and automating remediation processes.

The model is capable of performing the following tasks:

  • analyzing large-scale codebases;
  • detecting and tracking attack chains;
  • assessing the exploitability of vulnerabilities;
  • generating targeted security patches;
  • preparing technical reports on remediation efforts;
  • providing recommendations for automated fixes.

As a result, security professionals can significantly reduce the time spent on vulnerability discovery and remediation.

What Do the Test Results Show?

According to data provided by OpenAI, GPT-5.5-Cyber achieved high scores in a number of authoritative cybersecurity benchmarks.

CyberGym

On the CyberGym platform, the model achieved a score of 85.6%, surpassing GPT-5.5’s 81.8%. This result is recognized as one of the highest recorded in this benchmark.

ExploitGym

In the ExploitGym test, which evaluates the ability to generate exploit scenarios based on known vulnerabilities, GPT-5.5-Cyber achieved a score of 39.5%. For comparison, GPT-5.5 scored 25.95% in this category.

SEC-bench Pro

In the SEC-bench Pro test, which assesses the ability to identify deep and long-term vulnerabilities in complex software products, the model achieved a score of 69.8%.

These results demonstrate that GPT-5.5-Cyber possesses high potential not only in detecting vulnerabilities but also in identifying their root causes and providing effective remediation.

Codex Security Platform Reaches a New Level

Alongside the release of GPT-5.5-Cyber, OpenAI has also significantly enhanced its Codex Security platform.

Launched in March 2026 as a research project, Codex Security achieved the following results in a short period:

  • analyzed over 30 million Git commits;
  • reviewed more than 30,000 codebases;
  • processed over 70,000 manually validated fixes;
  • automatically remediated over 500,000 security issues.

The new version is fully integrated into existing developer workflows and provides support for CodeQL queries, SARIF exports, and vulnerability management systems.

Additionally, the platform:

  • assesses vulnerability severity;
  • identifies the affected code sections;
  • indicates the attack vector;
  • generates project-appropriate security patches.

The Patch the Planet Initiative

To expand collaboration with the cybersecurity community, OpenAI launched the Patch the Planet global initiative.

This project is carried out in partnership with:

  • Trail of Bits;
  • HackerOne;
  • Calif.

The initiative is focused on the rapid remediation of security issues identified in open-source software.

The following prominent projects are participating in the initial phase:

  • cURL;
  • Go;
  • Python;
  • Sigstore;
  • pyca/cryptography.

In just five days of initial hands-on sessions, hundreds of vulnerabilities were discovered, dozens of security patches were developed, and fuzzing and variant analysis mechanisms were created for future use.

Only for Trusted Defenders

OpenAI has not made GPT-5.5-Cyber publicly available. The model is provided exclusively to vetted and trusted cybersecurity organizations and professionals.

Currently, OpenAI is collaborating with the following countries and organizations:

  • Australia;
  • Canada;
  • France;
  • Germany;
  • Japan;
  • South Korea;
  • European Union institutions;
  • ENISA.

Such restrictions have been implemented to prevent the model’s advanced capabilities from being used for malicious purposes.

A New Paradigm in Cybersecurity

In recent years, the primary challenge in cybersecurity was vulnerability discovery, but the situation is now shifting. With modern tools, finding vulnerabilities is becoming increasingly easier, but their rapid and effective remediation remains an ongoing challenge.

GPT-5.5-Cyber is designed to fill precisely this gap. The model not only identifies vulnerabilities but also offers practical solutions for their remediation. This expands opportunities for improving security professionals’ productivity and enabling rapid incident response.

Conclusion

The release of GPT-5.5-Cyber marks a new stage in the integration of artificial intelligence and cybersecurity. This model unifies the processes of vulnerability discovery, exploitability assessment, patch creation, and implementation within a single platform.

Together with the Daybreak initiative, the Codex Security platform, and the Patch the Planet project, OpenAI is shaping a new approach to cybersecurity. The focus is now shifting from merely discovering vulnerabilities to addressing them at scale and with speed.

According to experts, in the coming years, such AI systems will become an integral part of security operations and will help organizations effectively counter increasingly sophisticated cyber threats.