OpenAI has introduced Daybreak, a new “frontier AI for cyber defenders” initiative focused on helping organizations build safer software that is resilient by design. The company describes Daybreak as its vision for changing how software is built and defended by integrating cyber defense directly into the software development lifecycle.
OpenAI says Daybreak represents “the first glimpse of sunlight in the morning.” For cyber defense, the initiative is designed around seeing risks earlier, acting sooner, and helping make software resilient from the start.
According to the company, the next era of cyber defense should move beyond simply finding and patching vulnerabilities. Instead, software systems should be designed to remain resilient even when vulnerabilities exist.
OpenAI says AI can help defenders reason across large codebases, identify subtle vulnerabilities, validate fixes, analyze unfamiliar systems, and move from discovery to remediation faster. The company also says these capabilities are paired with trust, verification, proportional safeguards, and accountability to reduce misuse risks.
The stated goal of Daybreak is to “accelerate cyber defenders and continuously secure software.”
Key Daybreak features and capabilities
Daybreak combines OpenAI models, the extensibility of Codex as an agentic harness, and partners across what the company calls its “security flywheel” to support AI-powered cyber defense workflows.
Key capabilities include:
- Secure code review
- Threat modeling
- Patch validation
- Dependency risk analysis
- Vulnerability detection
- Remediation guidance
- Malware analysis
- Detection engineering
- Automated monitoring and response workflows
OpenAI says these capabilities can be integrated into everyday development environments so software becomes more resilient from the beginning of the development cycle.
The company outlined several ways organizations can deploy AI in cyber defense workflows:
- Prioritize high-impact threats and reduce investigation time from hours to minutes
- Generate and test patches directly within repositories
- Verify remediation using audit-ready evidence and validation systems
- Build editable threat models from repositories
- Focus analysis on realistic attack paths and high-impact code areas
- Validate vulnerabilities in isolated environments to reduce noisy alerts
- Help organizations prioritize reproducible issues and “burn down the backlog” faster
- Automate monitoring, detection, and response for higher-risk vulnerabilities
OpenAI also confirmed that it is working with government and industry partners ahead of deploying increasingly cyber-capable AI models through its iterative deployment approach in the coming weeks.
GPT-5.5 access tiers for cyber defense
OpenAI introduced multiple access levels for organizations depending on security workflow requirements.
GPT-5.5 (default)
- Standard safeguards for general-purpose use
- Intended for developer, productivity, and general knowledge work workflows
GPT-5.5 with Trusted Access for Cyber
- More precise safeguards for verified defensive work in authorized environments
- Designed for secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation
GPT-5.5-Cyber
- Most permissive behavior for specialized authorized workflows
- Includes stronger verification systems and account-level controls
- Intended for preview access workflows including authorized red teaming, penetration testing, and controlled validation
OpenAI says organizations can contact the company to determine the most suitable access model for their security workflows.
Availability
OpenAI is currently allowing organizations to request vulnerability scans and Daybreak assessments to identify, validate, and remediate security issues across applications and codebases.
The company says organizations can start with a Daybreak assessment to see how AI can help prioritize risk, remediate issues faster, and strengthen software defenses.
Businesses interested in the program are required to submit company details, organization size, contact information, work email addresses, and phone numbers through OpenAI’s request form.