OpenAI’s Daybreak: An AI Cyber Defence Suite Nobody Can Actually Use Yet

OpenAI has quietly launched something called Daybreak — a cyber defence suite that uses their large language models to find and fix software vulnerabilities. I say quietly, because you can’t just sign up for it. Much like Anthropic’s Mythos (more on that in a moment), this is very much a “we’ll let you know when we’re ready for you” kind of release.

According to Mashable, Daybreak combines OpenAI’s models — specifically the new GPT-5.5 — with Codex, their coding tool, to offer partners things like secure code review, threat modelling, patch validation, dependency risk analysis, detection, and remediation guidance. Which is a fairly impressive list, if it actually delivers on all of that.

There are three model tiers on offer right now:

1. GPT-5.5 (default) — general purpose work, your starting point.

2. GPT-5.5 with Trusted Access For Cyber — aimed at “most defensive security workflows,” covering secure code review, malware analysis, and patch validation. So the stuff most security teams actually spend their days doing.

3. GPT-5.5-Cyber — the spicy one. Authorised red teaming, penetration testing, and controlled validation. This is clearly where OpenAI have had to be careful, because tooling this capable in the wrong hands is an absolute nightmare scenario.

That last point is probably why the whole thing is gated behind a partner programme in the first place. OpenAI says they’ll be “working with industry and government partners” as they work towards deploying “increasingly more cyber-capable models” in future. Measured language, but you can read between the lines — they’re not letting this loose until they’re comfortable with who’s using it.

It’s also worth noting that Anthropic have been doing something similar with their Project Glasswing initiative and Mythos — an AI apparently so capable at finding vulnerabilities that they’ve only handed access to a select few partners. OpenAI are clearly not going to let Anthropic have that space to themselves.

Named partners at launch include Cloudflare, Cisco, Oracle, and Akamai. Which is a solid set of names — these aren’t small operations experimenting on a whim, these are organisations with genuine enterprise security needs and, presumably, the maturity to use something like this responsibly.

Pricing? Not disclosed publicly. You’ll need to get in touch with OpenAI’s sales team for a quote, which tells you roughly where the pricing is going to land. This is not going to be a tenner a month.

Honestly, the concept is interesting. AI-assisted vulnerability detection and remediation is one of those areas where I can see genuine value — the sheer volume of code in production environments, combined with the speed at which new dependencies and attack surfaces emerge, makes this exactly the kind of problem that benefits from automation. Whether Daybreak actually delivers or whether it’s mostly impressive demo material dressed up in enterprise packaging, I genuinely don’t know yet. We’ll see what the partners say once they’ve had a proper dig around with it.