OpenAI Daybreak Expansion: GPT-5.5-Cyber Benchmarks, Patch the Planet Results, and How It Stacks Up Against Anthropic

• CyberGym: 85.6% — a new state-of-the-art, compared to 81.8% for the standard GPT-5.5 and 79.0% for GPT-5.4 .
• Exploit Gym: 39.5% versus 25.95% for the baseline .
• SEC-Bench Pro: 69.8% versus 63.1% for GPT-5.5 .
• AISI (UK AI Safety Institute) Expert-level tasks: GPT-5.5 achieved an average pass rate of 71.4% (±8.0%), compared to 68.6% for the previous model .
• General GPT-5.5 benchmarks (relevant context): 84.9% on GDPval (agent knowledge work across 44 occupations), 78.7% on OSWorld-Verified, and 82.7% on Terminal-Bench 2.0 .

Under OpenAI's Preparedness Framework, GPT-5.5 received a 'High' cybersecurity capability rating, meaning it remains below the 'Critical' threshold — defined as the ability to develop zero-day exploits autonomously without human help . On one measure, GPT-5.5 (and the Cyber variant) completed a 32-step network attack simulation, reported as only the second AI ever to do so, after Anthropic's Mythos .

Codex Security Plugin

OpenAI launched an updated Codex Security plugin that embeds vulnerability discovery, validation, and patching directly into the developer workflow within Codex . The plugin is designed to go beyond static analysis: it can build or infer a threat model, identify plausible vulnerabilities, determine whether affected code is reachable, gather validation evidence, develop targeted patches, and verify the result . OpenAI says the plugin incorporates lessons from internal and customer usage to accelerate finding and fixing vulnerabilities in existing systems while also helping prevent new ones from ever reaching production . Since its March 2026 research preview, the Codex Security plugin had already scanned over 30 million commits across more than 30,000 codebases, with human reviewers manually marking over 70,000 findings .

'Patch the Planet' Open-Source Program with Trail of Bits

Patch the Planet is the centerpiece open-source initiative under the Daybreak expansion, built in partnership with Trail of Bits, HackerOne, and Calif . OpenAI describes it as 'an effort to help open source maintainers move from security findings to merged fixes' with human review at the center . The program funds dedicated security engineers from Trail of Bits who work full-time with Codex and GPT-5.5-Cyber across open-source projects, with the goal of not only finding bugs but also writing and submitting merged patches .

Initial Results (First Week)

Trail of Bits organized a five-day opening sprint with 25 engineers working directly with open-source maintainers . Results across 19 projects (with 30+ pledging participation) :

• 64 pull requests submitted
• 51 issues filed (many more under coordinated disclosure)
• Hundreds of bugs identified
• 37 fixes merged into codebases

Notable examples of findings include 8 Linux kernel pointer-leak proof-of-concepts, 24 local privilege escalation vectors in system utilities, over 10 exploitable Safari vulnerabilities, a Firefox WebAssembly CVE (CVE-2026-8390) patched before Pwn2Own, and four of six dnsmasq CVEs independently flagged before their public fix . The projects covered included cURL, NATS, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python and python.org, urllib3, PyPI, SimpleX, Valkey, and RustCrypt . Trail of Bits engineers used repeated Codex /goal runs with GPT-5.5-Cyber to build an entire fuzzing lab covering dozens of entry points, platforms, and novel test seeds in under a week — a task they estimate would ordinarily take at least several weeks .

Participating maintainers also receive six months of ChatGPT Pro from OpenAI, including conditional Codex security access for coding, automations, and workflows .

Daybreak Cyber Partner Program

OpenAI launched the Daybreak Cyber Partner Program, an invite-only initiative giving security vendors access to OpenAI's frontier cyber capabilities (including GPT-5.5 with Trusted Access) to embed into their own products and services . The program aims to 'power products built on top of our best cyber capabilities for leading security companies to secure the world's software' .

Confirmed Launch Partners

• Initial program launch partners (per SiliconANGLE): Accenture, Cisco, CrowdStrike, IBM, Okta, Palo Alto Networks, Wiz .
• Additional announced participants (from individual press releases): Proofpoint , NCC Group , Darktrace , Tenable , Cato Networks , TrendAI .

A broader earlier partner list from the May 2026 Daybreak launch also included Cloudflare, Oracle, Zscaler, Akamai, Fortinet, Intel, Qualys, Rapid7, Trail of Bits, SpecterOps, SentinelOne, Netskope, Snyk, Gen Digital, Semgrep, and Socket .

Competitive Comparison: OpenAI Daybreak vs. Anthropic's Project Glasswing & Mythos AI

The expansion directly positions OpenAI's Daybreak against Anthropic's Project Glasswing and its Mythos AI model. Based on available evidence, the two efforts differ in strategy and present a fluid competitive landscape:

• Benchmark leadership varies by test: On the independent AISI Expert-level evaluation, GPT-5.5 scored a 71.4% pass rate, while the most directly comparable Anthropic model result cited is 68.6%, suggesting GPT-5.5 leads on that specific government benchmark . On CyberGym, GPT-5.5-Cyber's 85.6% is reported as a new state-of-the-art . However, Anthropic's Mythos was the first AI to complete a 32-step end-to-end network attack simulation, with GPT-5.5-Cyber reported as only the second .
• Capability ceiling differences: OpenAI's GPT-5.5 is explicitly below the 'Critical' threshold for autonomous zero-day exploit development, while Anthropic's Mythos reportedly remains ahead on certain autonomous exploit-chain tasks .
• Strategic divergence: OpenAI's approach centers on a broad ecosystem play: an open-source patching program (Patch the Planet), a large security partner network, and a developer-embedded Codex Security plugin to democratize defensive security, with OpenAI framing the effort as 'securing every organization in the world' . Anthropic's Project Glasswing and Mythos are positioned as more narrowly focused on elite offensive-defense red-teaming and autonomous exploit-chain construction, deployed through more restricted access programs .

Overall, the two companies trade leads across different benchmarks and capability domains. OpenAI's emphasis on democratization — open-source patching, broad partner integrations, and developer-embedded tools — contrasts with Anthropic's more controlled, elite-focused deployment strategy. Both models remain state-of-the-art in their respective areas of strength, and the competitive dynamic is likely to continue evolving.