OpenAI GPT-5.5-Cyber and the Patch the Planet initiative

Patch the Planet reframes what AI changes about security. Trail of Bits, the initiative's founding partner, argues that frontier models have made vulnerability discovery cheap, so "the expensive part of security work has moved" toward patch development, hardening, and disclosure coordination ^[1]. The program's design follows that logic: AI models surface candidates, but full-time human security engineers manually triage findings, reproduce evidence, strip duplicates, write patches, and coordinate disclosure with maintainers alongside the projects themselves ^[1].

In practice this matters because machine-speed discovery can drown maintainers in noise faster than they can respond, so the bottleneck -- and the funded labor -- shifts to validated remediation rather than raw bug counts ^[2]. More than 30 open-source projects, including cURL, Go, Python, Sigstore, and pyca/cryptography, have committed to participate, with OpenAI and HackerOne supporting the funding and coordinated-disclosure workflow ^[2][3].

On the headline CyberGym benchmark, the full GPT-5.5-Cyber scored 85.6%, up from 81.8% for standard GPT-5.5 -- billed as the highest single-model score on the benchmark ^[3]. It posted larger relative jumps on exploitation-focused tests: 39.5% on ExploitGym (vs 25.95%) and 69.8% on SEC-bench Pro (vs 63.1%) ^[3].

The community read is more skeptical. The cyber-specialized model beats the general-purpose Claude Mythos (~83% on CyberGym) by only a few points, and developer forums noted that plain GPT-5.5 already lands within a hair of the specialized variant -- a 'benchmax' rather than a leap. Analysts also flagged that OpenAI's own benchmark charts omitted the higher-scoring Mythos from the comparison, sharpening the impression of selective framing ^[4]. The takeaway: the gains are real but narrow, and the marketing gap is doing some of the heavy lifting.

Daybreak ships three tiers: standard GPT-5.5 with normal safeguards, GPT-5.5 with Trusted Access for Cyber for verified defensive work in authorized environments, and the permissive GPT-5.5-Cyber for red teaming and controlled validation ^[5]. That architecture is the strategy. Where Anthropic kept Claude Mythos fully gated -- the model that found and patched 271 Firefox vulnerabilities -- OpenAI chose calibrated access over withholding, betting that identity-verified distribution to vetted defenders beats locking the capability away entirely ^[4].

The dual-use stakes are not hypothetical: the UK AI Security Institute found that GPT-5.5 "solved a 20-hour expert-level network attack simulation composed of 32 steps end-to-end" ^[6], and SoftwareReviews warns that "a model that helps defenders discover and validate vulnerabilities can also lower the barrier for offensive actors if access controls fail" ^[4]. The entire gating apparatus exists to keep that failure from happening.

The public reaction splits along familiar lines: accelerationist enthusiasm on one side and benchmark skepticism on the other, with a recurring 'GPT Cyber vs Claude Mythos arms race' narrative running across X and YouTube coverage. The independent video coverage skews measured-skeptic rather than alarmed, with the highest-reach reviewers stressing that AI-driven offense still leaves detectable footprints for defenders.

But the most concrete, repeated complaint is operational, not philosophical. In OpenAI's own community channels, the dominant thread is friction around Trusted Access: KYC and Persona identity verification are required, ban triggers are unclear (one developer feared a ban merely for building a web scraper), and some verified users still could not reach Codex Security weeks after approval. Privacy-conscious holdouts are simply refusing to hand over biometric and PII data to get in. The signal here is that the gate OpenAI built as a safety feature is also the product's biggest adoption tax.