OpenAI has launched Daybreak, a cybersecurity initiative that uses its AI models and Codex Security agent to help organizations identify and fix software vulnerabilities, putting the company in direct competition with Anthropic's Project Glasswing.
OpenAI says it built Daybreak on the idea that security should be part of software from the start, not just an afterthought. The platform aims to speed up security analysis, generate and test patches within a project, and send results to clients with documentation ready for audits.
The initiative relies on three model tiers, OpenAI said: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive workflows including secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation, and GPT-5.5-Cyber for specialized workflows such as authorized red teaming, penetration testing, and controlled validation. According to The Hacker News, the Codex Security agent works by constructing an editable threat model focused on realistic attack paths, then moves to testing potential vulnerabilities in a sandboxed environment before recommending remediation steps.
OpenAI says several major companies, such as Akamai $AKAM, Cisco $CSCO, Cloudflare, CrowdStrike $CRWD, Fortinet $FTNT, Oracle $ORCL, Palo Alto Networks $PANW, and Zscaler, are already using Daybreak. For now, access is limited, and interested organizations need to request a vulnerability scan or reach out to the sales team.
OpenAI's launch comes about a month after the company offered the European Union access to GPT-5.5-Cyber, while Anthropic had yet to extend comparable access to its own model. That announcement followed OpenAI's earlier expansion of its Trusted Access for Cyber program, which extended verified access to thousands of individual professionals and hundreds of teams, and reported that Codex Security had contributed to more than 3,000 critical and high fixed vulnerabilities since its launch.
Anthropic's competing program, Project Glasswing, is built around Claude Mythos Preview, a model the company says can find and exploit software vulnerabilities at a level matching top human security researchers. Anthropic set aside up to $100 million in usage credits for Mythos and restricted its initial rollout to 12 partners — including Amazon $AMZN Web Services, Apple $AAPL, Cisco, CrowdStrike, Google $GOOGL, Microsoft $MSFT, and Nvidia $NVDA — each contractually bound to use the model for defensive security work only. Mythos Preview identified thousands of previously unknown vulnerabilities across major operating systems and browsers during testing, including a flaw in OpenBSD dating back 27 years.
Underpinning both platforms is a shift in the threat environment: The Hacker News notes that AI-assisted research has dramatically accelerated the rate at which previously hidden vulnerabilities can be surfaced. The pace of discovery has outrun remediation in many organizations, and a related problem has emerged: maintainers now face an overwhelming volume of incoming reports, a portion of which turn out to be convincing but entirely fabricated outputs from AI tools — a phenomenon the industry has taken to calling triage fatigue.