OpenAI wants AI to fix vulnerabilities, not just find them
https://www.helpnetsecurity.com/2026/06/23/openai-expanded-daybreak-cybersecurity-initiative/
Publish Date: 2026-06-23 04:49:00
Source Domain: www.helpnetsecurity.com
OpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, validate, and fix software vulnerabilities, while developers, maintainers, and security teams can use its tools to strengthen defensive security capabilities.
Codex Security scan (Source: OpenAI)
Codex Security targets remediation bottlenecks
Advances in vulnerability discovery are exposing more issues, increasing the pressure on teams responsible for fixing them.
OpenAI launched the Codex Security cloud research preview in March. Since then, it has scanned more than 30 million commits across 30,000 codebases, and more than 500,000 findings have been automatically determined to be fixed.
The platform understands a team’s codebase and threat model, or creates one when needed. It identifies plausible vulnerabilities, determines whether affected code is reachable, gathers evidence to support validation, develops targeted patches, and verifies results. Human operators remain in control of which findings to investigate, which changes to apply, and what information to share.
With the updated Codex Security plugin, developers can run deep scans or review recent changes in repositories, pull requests, and local code; generate reports that include severity ratings, affected code locations, validation evidence, and remediation guidance; trace attack paths; build threat models; validate findings; and generate codebase-specific patches for review.
“The plugin can also triage and validate existing findings from scanners, advisories, bug bounty reports, or ticketing systems, then automate patch generation at scale to help reduce vulnerability backlogs. When Codex Security completes a scan, it can export findings to an existing vulnerability management system or integrate with other tools…