NCC Group has been tapped for OpenAI's invite-only Daybreak Cyber Partner Program, giving the Manchester-based security firm early access to a specialized version of GPT-5.5 configured for cyber resilience work. CEO Mike Maddison said the company will research how GPT-5.5 capabilities can help "experienced defenders discover vulnerabilities, strengthen security workflows, and improve resilience for clients."
The move is part of a broader OpenAI expansion announced Monday that pushes its Daybreak initiative beyond vulnerability discovery into automated patching and remediation. OpenAI released GPT-5.5-Cyber, its "strongest model yet for finding and helping patch software vulnerabilities," scoring 85.6% on the company's CyberGym benchmark, up from GPT-5.5's 81.8%. The model also posted 39.5% on ExploitGym (vs. 25.95%) and 69.8% on SEC-bench Pro (vs. 63.1%).
OpenAI is positioning the release as a direct response to a shifting bottleneck in cybersecurity. AI models from OpenAI and Anthropic have accelerated vulnerability discovery to the point where the hard part is no longer finding flaws, it's validating, patching, and deploying fixes before attackers move. The Daybreak Cyber Partner Program lets 19 product vendors and eight global systems integrators embed GPT-5.5 with Trusted Access for Cyber into customer-facing tools, keeping direct model access with partners rather than end users.
NCC Group joins a partner list that includes Accenture, Akamai, Cisco, Cloudflare, CrowdStrike, Darktrace, IBM, Palo Alto Networks, and Wiz. On the OpenAI Daybreak partner page, Maddison said NCC Group will "bring our deep expertise and experience to help shape how these technologies are safely deployed."
Alongside the partner program, OpenAI launched Patch the Planet, an open-source initiative founded with Trail of Bits and run with HackerOne that targets widely used projects with small maintainer teams. Initial participants include cURL, Go, Python, Sigstore, and pyca/cryptography.
OpenAI said more than 30 open-source projects have committed, and the first five-day sprint surfaced hundreds of issues with dozens of patches already merged. The Codex Security plugin also got an update.
OpenAI said the cloud service has scanned more than 30 million commits across 30,000 codebases since March, with human reviewers marking over 70,000 findings as fixed and more than 500,000 automatically determined resolved. The plugin can now triage findings from scanners, advisories, and bug-bounty reports, then generate patches at scale to close backlogs.
The timing reflects a wider warning from intelligence agencies. The Five Eyes alliance, Australia, Canada, New Zealand, the UK, and the US, has cautioned that advanced AI models can compress the window between vulnerability discovery and exploitation.
"Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months."
