AERIOXFLUX

OpenAI Points Its Best Hacker at the Software Everyone Runs

GPT-5.5-Cyber posts the highest single-model score on the field's hardest security benchmark — and 'Patch the Planet' aims that capability at the open-source code holding up the internet.

Flux Desk · 2026-06-22 · 5 min read

The uncomfortable truth about AI and security is that the same model can write the exploit and write the fix. Which side it serves is a question of who points it and at what. On June 22, 2026, OpenAI answered for itself: it released the full version of GPT-5.5-Cyber and launched Patch the Planet, an initiative aimed squarely at the open-source code that quietly underpins nearly every piece of software on Earth.

A new high score on a benchmark that matters

GPT-5.5-Cyber is a specialized variant of OpenAI's flagship, tuned for offensive and defensive security work. The numbers are what make it notable. On CyberGym — a benchmark that measures a model's ability to find and reason about real software vulnerabilities — the full GPT-5.5-Cyber scores 85.6 percent, up from 81.8 percent for the standard GPT-5.5. That is the highest single-model score anyone has posted on the benchmark.

The gains are sharper still on the harder evaluations. On ExploitGym, which tests whether a model can turn a vulnerability into a working exploit, it jumps to 39.5 percent from GPT-5.5's 25.95 percent. On SEC-bench Pro, a security-engineering suite, it reaches 69.8 percent versus 63.1 percent. Read those three together and the shape of the capability is clear: this is not a model that merely flags suspicious code. It finds the bug, reasons about how to weaponize it, and can be steered toward remediation — the full kill chain, compressed into a single system.

That dual nature is exactly why the launch matters more than another benchmark bump. A tool this capable is an accelerant for whoever holds it. OpenAI's bet — and it is a bet, not a guarantee — is that putting the defensive application in front of the offensive one shifts the balance toward patchers rather than attackers.

Patch the Planet

The defensive application is Patch the Planet, an extension of OpenAI's Daybreak security program, built in partnership with Trail of Bits and HackerOne. The premise is structural. The internet runs on a thin layer of open-source projects — cURL, Go, Python, aiohttp, freenginx, NATS Server, Sigstore, pyca/cryptography — maintained, in many cases, by a handful of volunteers. These are the libraries embedded in billions of devices and the backbone of corporate infrastructure, and the people responsible for them are chronically outnumbered by the surface area they have to defend.

Patch the Planet pairs AI-assisted vulnerability research with human expert review and points the combination at exactly those projects. An initial five-day sprint across 19 open-source projects surfaced hundreds of security issues and merged dozens of patches, producing reusable testing workflows along the way — fuzzing harnesses, variant analysis, differential testing. More than 30 projects have now committed to participate, including python.org itself.

The "human expert review" clause is not a footnote. A model that scores 85.6 percent on CyberGym still produces false positives, and an automated firehose of unverified bug reports is itself a denial-of-service attack on maintainers who are already stretched thin. By routing findings through Trail of Bits and HackerOne before they reach a project, the program is trying to deliver triaged, validated patches rather than raw noise — the difference between help and homework.

The race underneath the announcement

The timing is not incidental. Anthropic's Project Glasswing put a frontier model's zero-day discovery capability into the security conversation earlier this year, and the framing there leaned offensive — a model that finds novel vulnerabilities faster than humans can. OpenAI's move is the mirror image: take a model that is, by the benchmarks, an even stronger bug-finder, and brand its public debut around fixing shared infrastructure rather than breaking it.

Both labs are describing the same underlying reality from opposite ends. AI has crossed the threshold where it can find serious vulnerabilities in widely deployed code at scale. That capability is now diffusing into the world whether or not anyone wants it to. The only open question is whether the defenders get the leverage first — and whether the maintainers of the world's most critical libraries can absorb a sudden flood of AI-discovered bugs without drowning in it.

That is the quiet risk inside the good news. If GPT-5.5-Cyber can find hundreds of issues in 19 projects in five days, so can a comparably capable model in unfriendly hands, pointed at the same cURL and the same cryptography library, with no intention of filing a responsible disclosure. Patch the Planet is, in effect, a race to reach those bugs first and close them before someone else reaches them to use them.

What to watch

The benchmark score is the headline, but the test that counts is operational, not numerical. Does the merged-patch count keep climbing as the project list grows? Do the maintainers of cURL and Python report that the program reduced their workload rather than multiplying it? And does the validated, human-reviewed pipeline hold up when the volume scales from 19 projects to hundreds?

If it does, OpenAI will have demonstrated something more durable than a leaderboard position: that a frontier model's most dangerous capability can be institutionalized on the defensive side faster than it spreads on the offensive one. If it doesn't — if the patches stall or the maintainers buckle — then the same 85.6 percent that looks like a gift this week starts to look like a countdown. Either way, the model that can both write the exploit and write the fix is now shipping. The fight is over who gets to point it.
