OpenAI has unveiled Daybreak, an initiative aimed at moving cyber defence beyond vulnerability discovery and into automated patching at scale. The programme combines an upgraded Codex Security plugin, a more capable and permissive GPT-5.5-Cyber model, a new partner programme, and an open-source remediation effort named Patch the Planet.

Codex Security has been in research preview since March and, by OpenAI's own account, has now swept through upwards of 30,000 codebases and 30 million commits. Of the vulnerabilities it has surfaced, human reviewers have signed off on more than 70,000 as genuinely fixed, while the system has self-certified another half a million or so without manual review. The updated plugin now offers full codebase scanning, threat modeling, and patch generation built directly into developer workflows.

The newly released GPT-5.5-Cyber, previously limited to a permissive-only preview, posts what OpenAI calls its highest CyberGym score yet at 85.6 percent, up from 81.8 percent for GPT-5.5, with similar gains reported on exploit-generation and long-horizon vulnerability discovery benchmarks. Access remains restricted to verified defenders under enhanced monitoring and review.

Who Owns AI Security in the Enterprise? Governance Is Still in Its Infancy
Who actually owns AI security in your organisation — and how mature is your governance around it? Two senior CISOs from vastly different environments give a straight answer: ownership sits with the CISO for now, and governance, even in well-run programmes, is still in its infancy. AI is shifting enterprise risk from defending infrastructure to defending decisions. Agentic AI operates semi- or fully autonomously, traditional security controls don’t fit probabilistic systems, and no single vendor covers the full attack surface. Speakers: Andy Holliday, CISO at Petrofac, Lester Godsey, CISO at Arizona State University and Stewart Tinson, Project Director, AI-360 You’ll learn: • Why the CISO is the only realistic owner of AI security risk for the next 5 years • Why agentic AI breaks deterministic security controls and what to do about it • How ASU built an actionable AI framework supporting 60+ large language models • Practical controls: API key hygiene, command whitelists, blast radius reduction • Why no single vendor can cover AI security end-to-end Key topics: Agentic AI risk • AI governance maturity • Threat model transformation • CISO ownership • Incident response for AI • Ethics & training data bias • Vendor landscape reality • Probabilistic vs deterministic controls For CISOs, CIOs, and risk leaders making decisions about AI adoption now.
BrightTALK

A Daybreak Cyber Partner Programme will give security vendors including Cisco, CrowdStrike, Palo Alto Networks and Wiz controlled access to the underlying models within their own products. Meanwhile Patch the Planet, run with Trail of Bits and HackerOne, has signed up more than 30 open-source projects, among them cURL, Go and Python, to receive expert-led remediation support.

OpenAI says it has struck Trusted Access for Cyber partnerships over the past month with Australia, Canada, France, Germany, Japan and South Korea, along with EU bodies including ENISA, alongside a separate and growing relationship with the UK government covering testing, evaluation and related work.

Garbage In, Garbage Faster: Why Agentic AI Exposes Your Organisational Debt
If Agentic AI follows your documented processes, what happens when those processes don’t reflect reality? Most organisations assume AI will figure things out. Business Architect Laura Van Weegen argues the opposite: AI doesn’t create new problems — it removes your ability to ignore the ones that have existed forever and a day. Undocumented workflows, undefined decision ownership, and human workarounds masking broken systems all get amplified at machine speed. You’ll learn: • Why “garbage in, garbage faster” is the real Agentic AI risk • The critical difference between feeding AI data versus information • How process debt compounds the same way technical debt does • Why exception handling is the new decision design priority • What one conversation reveals more than most AI readiness assessments • How to build explainability in from day one Key topics: Agentic AI readiness • Information architecture • Process debt • Data vs information • Contextual blindness • Decision ownership • Explainability vs traceability • Semantic infrastructure • Exception handling • Organisational accountability • Workflow documentation • AI governance Essential viewing for CISOs, CIOs, CFOs, and Chief Legal Officers evaluating Agentic AI deployment — before the human safety net disappears.
BrightTALK

Share this post
The link has been copied!