OpenAI wants AI to fix vulnerabilities, not just find them – Help Net Security


OpenAI expanded Dawn, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, validate, and fix software vulnerabilities, while developers, maintainers, and security teams can use its tools to strengthen defensive security capabilities.


Codex Security scan (Source: OpenAI)

Codex Security targets remediation bottlenecks

Advances in vulnerability discovery are exposing more issues, increasing the pressure on the teams responsible for fixing them.

OpenAI launched the Codex Security cloud research preview in March. Since then, it has scanned more than 30 million commits across 30,000 codebases, and more than 500,000 findings have been automatically determined to be fixed.

The platform understands a team's codebase and threat model, or creates one when needed. It identifies plausible vulnerabilities, determines whether the affected code is reachable, gathers evidence to support validation, develops targeted patches, and verifies the results. Human operators remain in control of which findings to investigate, which changes to apply, and what information to share.

With the updated Codex Security plugin, developers can run deep scans or review recent changes in repositories, pull requests, and local code; generate reports that include severity scores, affected code locations, validation evidence, and remediation guidance; trace attack paths; build threat models; validate findings; and generate codebase-specific patches for review.

“The plugin can also triage and validate existing findings from scanners, advisories, bug bounty reports, or ticketing systems, then automate patch generation at scale to help reduce vulnerability backlogs. When Codex Security completes a scan, it can export findings to an existing vulnerability management system or integrate with other tools via SARIF files, CodeQL queries, and more. The plugin makes these capabilities more accessible for automated pipelines using Codex CLI and for developer workflows in the Codex app,” the company said.

GPT-5.5-Cyber gains new security capabilities

OpenAI’s initial preview of GPT-5.5-Cyber, which remains available to verified defenders whose licensed work requires OpenAI’s most advanced cyber capabilities, focused on reducing unnecessary refusals in specialized workflows. The model can identify security-relevant components, determine whether code is reachable, validate likely issues in controlled environments, develop and test patches, and prepare evidence for human review.

GPT-5.5-Cyber outperformed GPT-5.5 on the CyberGym, ExploitGym, and SEC-bench Pro security benchmarks, scoring 85.6%, 39.5%, and 69.8%, respectively.

“We’re continuing to evaluate the model’s performance on complex repositories and real remediation workflows as coordinated disclosures conclude,” OpenAI added.

OpenAI launches cyber partner program

OpenAI launched the OpenAI Dawn Cyber Partner Program, which allows participating security vendors to integrate GPT-5.5 with Trusted Access for Cyber into customer-facing products and services.

Trusted Access for Cyber provides access to advanced cyber capabilities alongside additional safeguards, monitoring, and verification measures.

The company said it plans to expand the program to more organizations in the coming months.

Patch the Planet supports open-source security

OpenAI launched the Patch the Planet initiative with Trail of Bits and in collaboration with HackerOne and CALIF. It funds security researchers and equips them with Codex Security and advanced AI models to work with open-source maintainers.

The initiative combines AI-assisted vulnerability discovery with expert human review to reduce false positives and ease the burden on software maintainers.

OpenAI security researchers work with open-source maintainers to validate vulnerabilities, remove duplicate reports, and verify patches before submission. Participating projects receive ChatGPT Pro, API credits, and conditional access to Codex Security.

According to OpenAI, an initial five-day sprint identified hundreds of potential issues, led to dozens of merged fixes, and produced reusable testing workflows to support future vulnerability discovery and remediation.

The company is working with governments and institutions worldwide to strengthen cybersecurity defenses and protect critical infrastructure.

“We plan to work directly with eligible operators of critical infrastructure, including government networks, to develop safeguards tailored to the systems they operate. The focus of this work is to make advanced AI more useful to defenders while making it harder for malicious actors to cause real-world harm,” the company said.

OpenAI plans to work with enterprise customers and partners to strengthen cybersecurity safeguards and help prevent attacks targeting critical services.