OpenAI正式发布GPT-5.5-Cyber网络安全模型,性能领先
阅读原文· the-decoder.comOpenAI推出GPT-5.5-Cyber网络安全模型(取代预览版),在CyberGym(85.6%)、ExploitGym(39.5%)和SEC-bench Pro(69.8%)三项基准测试中领先,超越Anthropic Mythos 5(83.8%)和OpenAI GPT-5.5(81.8%)。同步更新Codex Security插件,从漏洞发现扩展至自动生成补丁,已扫描超3万个代码库,支持完整代码库扫描、攻击路径分析及批量补丁生成,变更需人工确认。模型仅向经审核的防御方开放,并结合监控与护栏使用。OpenAI启动Daybreak合作伙伴计划,合作方包括Cisco、CrowdStrike、Cloudflare等25余家安全公司及澳大利亚、加拿大等多国政府。
OpenAI says new GPT-5.5-Cyber outperforms Anthropic's Mythos on cybersecurity benchmark
Key Points
- OpenAI is expanding its Daybreak cybersecurity initiative with new tools, moving beyond simply identifying vulnerabilities to automatically resolving them.
- The Codex Security plugin has been updated to handle the entire workflow up to patch generation, and the GPT-5.5-Cyber cybersecurity model is now fully available after leaving its preview phase.
- As part of a dedicated partner program, OpenAI is collaborating with over 25 security companies and several governments to advance its cybersecurity capabilities.
OpenAI is expanding its Daybreak cybersecurity initiative with an updated Codex Security plugin, the full GPT-5.5-Cyber model, and a partner network of more than 25 security firms and several governments.
Anthropic recently made a similar point, and OpenAI agrees. The real bottleneck in cybersecurity has moved from finding flaws to actually patching them. To close that gap, OpenAI is shipping an updated Codex Security plugin that covers the full pipeline from discovery to patch generation, along with the full release of GPT-5.5-Cyber, a specialized model that sets new highs on security benchmarks. OpenAI also launched an open-source patching initiative and a partner program with more than 25 security firms.
Codex Security update closes the loop from discovery to patch
The Codex Security plugin shipped as a research preview back in March. Since then, it's scanned over 30 million commits across more than 30,000 codebases, OpenAI says. Over 500,000 findings were automatically flagged as fixed, and human reviewers manually confirmed another 70,000.
OpenAI wants the updated plugin to act like a security engineer sitting next to every developer. It analyzes code alongside a threat model, spots flaws, checks whether affected code is actually reachable, builds a targeted patch, and verifies the result.
New in this update are deep scans of entire codebases, attack path analysis, and export to existing vulnerability management systems through SARIF files or CodeQL queries. The plugin can also triage findings from other scanners or bug bounty reports and automate patch generation in batch mode. Humans still sign off on every change, OpenAI says.
GPT-5.5-Cyber stays locked to vetted defenders
The full version of GPT-5.5-Cyber replaces an earlier preview that mostly aimed to cut unnecessary refusals in security workflows. OpenAI calls the updated model the most capable single model for finding and patching software flaws.
GPT-5.5-Cyber leads on all key cybersecurity benchmarks, according to OpenAI. CyberGym measures whether an agent can reproduce known flaws in software environments. ExploitGym tests whether agents can turn vulnerabilities into working exploits. SEC-bench Pro evaluates long-term vulnerability discovery.
| Model | CyberGym | ExploitGym | SEC-bench Pro |
|---|---|---|---|
| GPT-5.5-Cyber | 85.6% | 39.5% | 69.8% |
| Mythos 5 | 83.8% | – | – |
| GPT-5.5 | 81.8% | 25.95% | 63.1% |
| GPT-5.4 | 79.0% | – | – |
| Claude Opus 4 | 73.1% | – | – |
The latest version of GPT-5.5-Cyber is deliberately more permissive than standard models and refuses fewer requests, OpenAI says. But only verified defenders can access it, and OpenAI ties that access to verification, monitoring, and guardrails. Most users should stick with GPT-5.5 paired with Trusted Access for Cyber and Codex Security, OpenAI says.
Over 25 security firms and several governments join the program
Through the Daybreak Cyber Partner Program, security companies can plug GPT-5.5 with Trusted Access for Cyber into their own products. Partners include Cisco, CrowdStrike, Cloudflare, Palo Alto Networks, IBM, Fortinet, Wiz, SentinelOne, Darktrace, Palantir, Accenture, PwC, and KPMG.
OpenAI is also expanding its government work. The company says it has Trusted Access partnerships with Australia, Canada, France, Germany, Japan, South Korea, the EU agency ENISA, and the UK. In the US, OpenAI is working to carry out a recently issued executive order on AI security and plans to collaborate directly with critical infrastructure operators.
OpenAI also launched Patch the Planet together with Trail of Bits, HackerOne, and Calif to bring the same patching tools to open-source software. More than 30 open-source projects have signed on, including cURL, Go, Python, Sigstore, and pyca/cryptography. Security researchers work with maintainers to validate and deduplicate flaws and patches before anything gets merged. A first five-day sprint turned up hundreds of issues and led to dozens of merged patches, OpenAI says.
AI News Without the Hype – Curated by Humans
Subscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive "AI Radar" frontier report six times a year, full archive access, and access to our comment section.