OpenAI Shipped the Cyber AI Washington Just Pulled From Anthropic
On June 22, OpenAI shipped GPT-5.5-Cyber — a model that finds the holes in your software and writes the patch. It also scores 39% on turning those same holes into working attacks. Ten days earlier, Washington forced Anthropic to pull a model doing nearly the same thing.
The Promise
The Risk
Same capability, opposite outcome
On June 22, OpenAI launched its Daybreak expansion and, with it, GPT-5.5-Cyber: a model built to find vulnerabilities in software and write the fix. Ten days earlier, a US government directive forced Anthropic to disable Mythos 5, a model with nearly the same offensive-defensive cyber profile. Same underlying capability, opposite outcome — and the difference was not the code. It was who decided, and when.
That gap is the story. Frontier cyber capability is no longer governed by what the model can do. It is governed by which lab ships it and which government lets it stay up.
What Daybreak actually shipped
Three things, not one. Codex Security, the full GPT-5.5-Cyber model, and a program OpenAI is calling Patch the Planet. The pitch is that the bottleneck in security has moved. For years the hard part was finding the bug; now a capable model can find it and draft the patch in the same pass, which is real leverage for an under-staffed security team drowning in a backlog.
That is the promise, and it is not small. Most organizations do not lose to exotic zero-days. They lose to known holes nobody had time to close.
The dual-use problem
Here is the catch that no benchmark chart leads with. The model that patches is the model that exploits. OpenAI’s own number puts GPT-5.5-Cyber at 39% on generating working attacks from the vulnerabilities it surfaces. You cannot buy the defensive half without the offensive half existing in the same weights. That is what “dual-use” means in practice, and it is why the same capability got shipped in one country and switched off in another within two weeks.
A switch labs and governments control
After 25 years in cybersecurity, the part that should worry a security leader is not the 39%. It is the dependency. If your defensive tooling runs on a gated frontier model, your security posture now has an off switch you do not hold — and Anthropic’s Mythos 5 just demonstrated that the switch gets used. A control you cannot guarantee access to is not a control you can plan around.
Three questions for your next security review
One. If a frontier cyber model became unavailable tomorrow by government order, what is our fallback, and have we tested it? Two. Are we treating AI-generated patches as drafts that get reviewed, or as fixes that ship unread? Three. Who owns the decision about which AI cyber tools we depend on — security, procurement, or nobody yet? The capability is genuinely useful. The dependency is the risk you are actually buying.