GPT-5.5-Cyber
OpenAI's GPT-5.5-Cyber is a cybersecurity-specialized fine-tune of GPT-5.5, restricted to vetted defenders through the Daybreak Cyber Partner Program and rated 85.6% on the CyberGym benchmark.
8 min read
Overview
OpenAI launched GPT-5.5-Cyber on June 22, 2026, as part of the Patch the Planet effort - a coordinated push to direct frontier AI capabilities toward defensive security at scale. The model is a fine-tune of GPT-5.5 with lowered refusal thresholds on security-relevant tasks, distributed through OpenAI's Daybreak Cyber Partner Program to enterprise security vendors. Like its predecessor GPT-5.4-Cyber, it isn't available through a public API.
TL;DR
- Fine-tune of GPT-5.5 for defensive security work, with 85.6% on CyberGym (up from 81.8% for base GPT-5.5)
- Access restricted to enterprise security vendors through the Daybreak Cyber Partner Program - Trail of Bits, HackerOne, Cisco, CrowdStrike, IBM, Palo Alto Networks, Accenture, Okta, and Wiz among named partners
- Predecessor GPT-5.4-Cyber scored 88.23% on professional CTFs; GPT-5.5-Cyber targets practical enterprise deployment over raw CTF performance
The Patch the Planet project, announced June 22, 2026, sits under OpenAI's broader Daybreak umbrella and marks a shift in scope. Where Daybreak originally focused on research preview users and security tool integrations, Patch the Planet routes GPT-5.5-Cyber directly to commercial security vendors - companies that sell vulnerability management, threat intelligence, and penetration testing products. The partners aren't running experiments; they're embedding the model into shipping software.
The launch followed a series of high-profile vulnerability discoveries attributable to the model's predecessor. GPT-5.4-Cyber found a WebAssembly flaw in Firefox significant enough that five of six Pwn2Own Berlin entries withdrew rather than compete against it - a result documented in Pwn2Own Berlin 2026's capacity overflow. The Firefox flaw, five exploitable bugs in Chrome V8, more than ten WebKit vulnerabilities, a 23-year-old kernel flaw in OpenBSD, eight pointer leak proof-of-concepts plus 24 local privilege escalation exploits in the Linux kernel, and vulnerabilities in dnsmasq all came through the cyber model line. GPT-5.5-Cyber is the generation that follows that track record.
Key Specifications
| Specification | Details |
|---|---|
| Provider | OpenAI |
| Model Family | GPT-5 |
| Base Model | GPT-5.5 |
| Parameters | Not disclosed |
| Context Window | 1M tokens (inherited) |
| Pricing | Not disclosed, Daybreak enrollment required |
| Release Date | June 22, 2026 |
| License | Proprietary, restricted access |
| Availability | Daybreak Cyber Partner Program (enterprise vendors) |
| Initiative | Patch the Planet / Trusted Access for Cyber |
For architecture, context window behavior, and general pricing, see the GPT-5.5 model page.
Benchmark Performance
OpenAI published the CyberGym result as the headline evaluation for GPT-5.5-Cyber. CyberGym measures performance across a structured set of defensive security scenarios including vulnerability discovery, triage, and exploit analysis.
| Benchmark | GPT-5.5-Cyber | GPT-5.5 (base) | GPT-5.4-Cyber | Claude Mythos Preview |
|---|---|---|---|---|
| CyberGym | 85.6% | 81.8% | Not published | 83.1% |
| Professional CTFs (pass@12) | Not published | - | 88.23% | - |
| CVE-Bench web vulns (pass@1) | Not published | - | 86.27% | - |
| UK AISI expert CTF | Not published | - | Not evaluated | 73% |
| SWE-bench Verified | Not published | - | - | 93.9% |
The 3.8-point CyberGym improvement over base GPT-5.5 (85.6% vs 81.8%) comes from fine-tuning rather than architecture changes. Against Claude Mythos Preview's 83.1% on the same benchmark, GPT-5.5-Cyber leads by 2.5 points - a reversal from the GPT-5.4-Cyber era where Mythos led on CyberGym. The comparison is limited because Mythos was assessed on an older CyberGym configuration and the two models are measured differently on most other cyber benchmarks.
The predecessor's CTF numbers (88.23% pass@12 on professional CTFs) remain the best published scores for the line. OpenAI hasn't released equivalent CTF data for GPT-5.5-Cyber, which either means the benchmark hasn't been run on the same track or the results are being held back. The absence of a CTF score matters less for the Patch the Planet use case, which is oriented toward enterprise vulnerability workflows, not point-in-time contest performance.
GPT-5.5-Cyber is built for practical vulnerability discovery workflows - feeding compiled binaries and source code through an AI that can flag exploitable patterns without human-guided triage at each step.
Source: pexels.com
Key Capabilities
Practical Vulnerability Discovery
The headline capability is the same as GPT-5.4-Cyber's: lowered refusal thresholds on legitimate security tasks that the base GPT-5.5 model declines. Binary reverse engineering, malware dissection, exploit chain analysis, and CVE triage all run without the friction the public API imposes. The improvement over the 5.4 generation targets depth over CTF coverage - better handling of real enterprise codebases, longer dependency chains, and multi-file vulnerability patterns that don't surface cleanly in contest-format evaluations.
The vulnerability track record attributable to the model line is the most concrete evidence of capability. The Firefox WebAssembly flaw was severe enough to reshape Pwn2Own competition dynamics. The Linux kernel work - eight pointer leak PoCs plus 24 LPE exploit chains - covered multiple subsystems in parallel. The 23-year-old OpenBSD kernel flaw and the dnsmasq findings both required understanding of deep system internals with no public writeup to guide the model.
Partner Ecosystem Integration
GPT-5.5-Cyber is positioned differently from GPT-5.4-Cyber. The 5.4 model targeted individual researchers and security teams through the Trusted Access for Cyber verification process. The 5.5 variant goes to vendors - Trail of Bits, HackerOne, Cisco, CrowdStrike, IBM, Palo Alto Networks, Accenture, Okta, and Wiz are the nine named Patch the Planet partners. These companies embed the model into their existing security products rather than running it as a standalone tool.
That's a structural change in how OpenAI reaches the defender community. A CrowdStrike integration means GPT-5.5-Cyber's analysis runs inside Falcon workflows; a HackerOne integration means bug bounty triage gets AI-assisted severity scoring. The model reaches security operations teams who'd never apply for TAC access directly.
Codex Security Pipeline
Like its predecessor, GPT-5.5-Cyber connects to OpenAI's Codex Security infrastructure. The Codex Security beta scanned 1.2 million commits, surfaced 792 critical and 10,561 high-severity issues, and shipped 14 CVEs across OpenSSH, GnuTLS, Chromium, PHP, libssh, and gpg-agent - all before Daybreak formalized the commercial program. GPT-5.5-Cyber brings a stronger base model into that pipeline.
The Patch the Planet partner list - Trail of Bits, HackerOne, Cisco, CrowdStrike, IBM, Palo Alto Networks, Accenture, Okta, Wiz - reaches security operations teams through existing enterprise product integrations.
Source: pexels.com
Pricing and Availability
OpenAI hasn't published pricing for GPT-5.5-Cyber. Access runs through the Daybreak Cyber Partner Program, which requires enrollment through OpenAI sales rather than a self-serve API key. The base GPT-5.5 lists at $5/$30 per million input/output tokens, but that pricing doesn't automatically carry over to the cyber variant - previous cyber models have all been priced under separate negotiated arrangements.
Access tiers
The Daybreak program structures access across three levels:
- Standard GPT-5.5 via the public API - available to any developer
- Trusted Access for Cyber - verified defenders (thousands enrolled) with reduced refusal thresholds on security tasks
- Daybreak Cyber Partner Program - enterprise security vendors embedding the model into commercial products; GPT-5.5-Cyber lives here
Individual researchers aren't the primary audience for GPT-5.5-Cyber. The previous generation's TAC program scaled to verified defenders and independent consultants. Patch the Planet routes the 5.5 model to the vendors those defenders use. If you're an individual security researcher looking for elevated access, the GPT-5.4-Cyber TAC enrollment path remains the relevant option while the 5.5 program matures.
Strengths and Weaknesses
Strengths
- Leads published CyberGym comparisons at 85.6% - 2.5 points above Claude Mythos Preview on that benchmark
- 3.8-point improvement over base GPT-5.5 confirms fine-tuning adds measurable security capability
- Partner model (Trail of Bits, CrowdStrike, HackerOne, etc.) reaches defenders through tools they already use
- Predecessor's real-world vulnerability record - Firefox WebAssembly, Linux kernel LPE chains, OpenBSD kernel, dnsmasq - gives the model line credibility beyond benchmark numbers
- Inherits GPT-5.5's 1M context window for long codebases and multi-file analysis
- Integrated into Codex Security pipeline with an established track record of shipped CVEs
Weaknesses
- No CTF benchmark data published - the 88.23% professional CTF score belongs to GPT-5.4-Cyber, not this model
- Partner-only access excludes individual researchers and small teams who were the target audience for TAC
- No public pricing - procurement planning is opaque until vendor relationships are established
- Mythos Preview leads significantly on coding benchmarks (93.9% SWE-bench Verified) and was purpose-built for cyber; GPT-5.5-Cyber is still a fine-tune of a general model
- CyberGym comparison with Mythos uses different evaluation configurations - the 2.5-point lead should be read with caution
- Access gated through partner vendors means security teams depend on third-party integrations for model updates
Related Coverage
- OpenAI Launches Daybreak Cybersecurity Platform - The program this model ships under
- GPT-5.4-Cyber - The previous generation, with published CTF benchmarks
- Claude Mythos Preview - Anthropic's direct competitor in restricted cyber AI
- Pwn2Own Berlin 2026 Capacity Overflow - Context for the Firefox WebAssembly flaw
- GPT-5.5 - The base model
- Jailbreak and Red Team Leaderboard - Safety evaluation context
FAQ
Who can access GPT-5.5-Cyber?
Enterprise security vendors enrolled in OpenAI's Daybreak Cyber Partner Program. Named partners include Trail of Bits, HackerOne, Cisco, CrowdStrike, IBM, Palo Alto Networks, Accenture, Okta, and Wiz. Individual researchers should look at the Trusted Access for Cyber program for GPT-5.4-Cyber instead.
How does GPT-5.5-Cyber differ from GPT-5.4-Cyber?
The base model upgrades from GPT-5.4 to GPT-5.5, and CyberGym improves from unpublished (5.4) to 85.6% (5.5). The distribution model shifts from individual TAC verification to enterprise vendor partnerships under Patch the Planet.
How does it compare to Claude Mythos Preview?
GPT-5.5-Cyber leads on CyberGym (85.6% vs 83.1%). Mythos leads substantially on coding benchmarks (93.9% SWE-bench Verified) and was purpose-built for cyber. The comparison is also complicated by different evaluation setups and access models.
Is pricing available?
Not publicly. Pricing runs through Daybreak partner agreements negotiated with OpenAI sales. The base GPT-5.5 ($5/$30 per million tokens) doesn't automatically apply.
What real-world vulnerabilities has the model line found?
The predecessor GPT-5.4-Cyber found a Firefox WebAssembly flaw (caused five Pwn2Own Berlin entries to withdraw), five exploitable Chrome V8 bugs, ten or more WebKit bugs, a 23-year-old OpenBSD kernel vulnerability, eight Linux kernel pointer leak PoCs plus 24 LPE exploits, and dnsmasq vulnerabilities.
Sources
✓ Last verified June 23, 2026
