The frontier AI race is setting its sights on cybersecurity. On Monday, OpenAI announced Daybreak, a cybersecurity initiative designed to help defenders leverage frontier AI models to identify and patch software vulnerabilities with AI.

According to the announcement blog post , Daybreak has been developed to help make software resilient by design. “It starts from the premise that the next era of cyber defence should be built into software from the beginning by not only finding and patching vulnerabilities, but being resilient to them by design,” the post said.

As part of the initiative, OpenAI will provide customers with access to GPT-5.5, GPT-5.5 with Trusted Access for Cyber and GPT 5.5-Cyber to support a range of defensive use cases. Potential use cases include secure code review, vulnerability triage, malware analysis, detection engineering, patch validation, red teaming and penetration testing.

The announcement comes just after OpenAI announced the launch of GPT-5.4-Cyber , a cyber-permissive AI model designed to support defensive use cases as part of the startup’s Trusted Access for Cyber (TAC) program.

A New Era Of Cybersecurity

Daybreak emerges amid rising anxieties over AI-driven cyber attacks which reached a fever pitch in April when Anthropic announced Claude Mythos Preview, a model that had “found thousands of high-severity vulnerabilities,” including some in every major operating system and web browser.

While Mythos hasn’t been made available to the general public, its limited release as part of Project Glasswing has raised questions about whether defenders will be able to keep up with the speed of vulnerability exploitation once similarly powerful models come to market.

OpenAI’s Daybreak initiative is an attempt to meet these concerns head-on, using OpenAI’s existing frontier models alongside Codex as an agentic harness to help third-party companies continuously secure software.

“OpenAI is launching Daybreak, our effort to accelerate cyber defense and continuously secure software,” Sam Altman, cofounder and CEO of OpenAI, said in a post on X. “AI is already good and about to get super good at cybersecurity; we’d like to start working with as many companies as possible now to help them continuously secure themselves.”

Companies that want to participate in Daybreak can contact OpenAI via a web form to request a vulnerability scan or “Daybreak assessment.” The company website says the assessment can identify and validate security issues across code and applications. The idea is to help security teams prioritize risk, remediate faster and strengthen defenses as part of a secure by design approach.

Why Does Open AI Daybreak Matter?

At its core, Daybreak represents an attempt by OpenAI to differentiate itself from Anthropic in the frontier AI race by doubling down on cyber-permissive models to help companies better secure critical applications and code. If AI can discover vulnerabilities faster than ever before, as Mythos suggests, defenders not only need to patch exploits quickly, but ideally prevent them from making it to code in the first place.

“This is certainly an important milestone in the evolution of AI capabilities. It seems like a step in the right direction and to some degree, it’s the ‘answer’ to Mythos,” Petros Efstathopoulos, VP of Research at RSAC, told me via email. “Even though the systems are being pitched differently and OpenAI is trying to sell the ‘secure by design’ angle, effectively there seems to be no real practical difference in the vulnerability detection portion of the two models,” though he notes it's impossible to compare the two without a direct comparison.

Efstathopoulos notes that both Daybreak and Mythos have the potential to enable secure by design approaches. For instance, if they can be integrated into existing or new CI/CD pipelines then they can become a standard piece of the testing infrastructure prior to code release.

Jen Easterly, CEO of RSAC and former director of CISA, told me via email that she didn’t think that Daybreak substantively changes the recommendations made in the Cloud Security Alliance’s Mythos-Ready Security Program document , but did note some broader significance.

“Daybreak reflects a further recognition that AI can play an important role in moving us toward a more secure by design digital ecosystem,” Easterly said. But we should also recognize that these increasingly powerful frontier cyber capabilities could create enormous disruption in the near term if we are not effectively able to coordinate their deployment and implementation and to govern their use.”

Easterly also said that this can’t just be a race among private companies to get to market first. She argues AI labs, government and industry must work together with the cyber defender community to ensure the secure and deliberate performance of these capabilities.

The Frontier AI Race Meets Cybersecurity

Above all, the launch of Daybreak signals a strategic shift in the AI race. Frontier AI vendors are moving from abstract commitments to developing secure models, toward building clearly defined offerings that have the potential to mitigate code vulnerabilities.

“Daybreak is a significant signal of where the industry is heading. What we’re seeing is an arms race from the model companies to tackle one of the most important verticals that AI has compounded a challenge in, cybersecurity,” Dev Rishi, GM of AI at Rubrik, told me via email.

"What we're watching in real time is a Cambrian explosion of AI capability applied to vulnerability research. The competitive dynamics between labs are compressing what would have been a five-year timeline into mere months. That pace and trend of these is what is top-of-mind for myself and CISOs, which model-of-the-day wins the benchmark I think is ultimately ephemeral,” Rishi said.

He also notes there is the potential for releases like Daybreak to displace traditional point cybersecurity solutions, especially those built on static rule sets or manual penetration testing.

Where Does Traditional Cybersecurity Stand?

Although innovations in frontier AI raise questions about how cybersecurity will evolve, there are those in the industry who suggest there are other security concerns they can’t address. After all, securing code alone won’t mitigate risk.

“Daybreak reflects how quickly frontier AI models are evolving for cybersecurity use cases. The capability gains are significant, but the bigger question is how those capabilities translate into security outcomes,” Daniel Schiappa, president of technology and services at Arctic Wolf, told me via email.

“AI can absolutely improve secure by design development by accelerating vulnerability discovery and remediation earlier in the software lifecycle. But secure coding alone doesn’t eliminate cyber risk. Many of today’s most disruptive attacks rely on credential theft, social engineering, identity abuse and operational gaps rather than software vulnerabilities,” Schiappa said.

He argues that AI models can strengthen security operations, but ultimately don’t replace the need for continuous monitoring, detection, response, identity management and operational visibility. Security outcomes still depend on platforms and teams that can turn intelligence into action across real environments.

In this sense, these models have the potential to change security approaches but there remains a need for human expertise and a wide variety of traditional tooling to address modern threats.