OpenAI Launches Daybreak to Rival Anthropic’s Mythos in Cyber Defence

OpenAI has entered the cybersecurity arena with Daybreak, a new initiative designed to identify software vulnerabilities, generate patches, and validate fixes within enterprise codebases. The launch directly challenges Anthropic’s Mythos, which has dominated discussions on AI-powered defense in recent months.

Daybreak relies on three distinct model variants, OpenAI confirmed. GPT-5.5 handles general-purpose tasks under standard safeguards. GPT-5.5 with Trusted Access for Cyber is reserved for verified defenders conducting secure code review, vulnerability triage, malware analysis, and patch validation. A third variant, GPT-5.5-Cyber, offers a more permissive configuration for authorized red teaming, penetration testing, and controlled validation.

The platform’s workflow begins with threat modeling against a specific repository, then identifies and tests vulnerabilities in an isolated environment, and finally proposes and validates fixes. OpenAI states the goal is to compress security analysis that previously required hours into minutes, delivering audit-ready evidence back into enterprise systems.

Launch partners include Akamai, Cisco, Cloudflare, CrowdStrike, Fortinet, Oracle, Palo Alto Networks, and Zscaler. Each is integrating Daybreak capabilities under OpenAI’s Trusted Access for Cyber initiative. Access remains tightly controlled at launch; organizations must request scans or contact OpenAI sales directly.

The rivalry with Anthropic’s Mythos is defining the AI cybersecurity race. Mythos has uncovered thousands of zero-day vulnerabilities across major operating systems and browsers, kept within a controlled rollout to roughly a dozen partner organizations under a $100 million defensive program. Anthropic treats Mythos as a dual-use system whose offensive reasoning requires strict governance. OpenAI’s Daybreak takes a narrower, more operational approach: a defender-first platform built on workflow integration rather than standalone discovery power.

Timing is critical. Yesterday, Google’s Threat Intelligence Group reported the first documented case of a criminal threat actor using an AI model to discover and weaponize a zero-day exploit. The exploit, designed to bypass two-factor authentication on a widely used admin tool, was intercepted before deployment. GTIG analyst John Hultquist called it “the tip of the iceberg.”

That backdrop sharpens the question Daybreak and Mythos must answer: whether defenders can scale AI as quickly as attackers are beginning to.

Daybreak also provides OpenAI with an enterprise security narrative it previously lacked. Anthropic’s lead in this segment has been measured in column inches and central-bank briefings as much as in product. OpenAI’s response leverages its enterprise relationships, Codex code-execution tooling, and the full GPT-5.5 family to address a problem that, for most chief information security officers, still sits on the wrong side of the resourcing gap.

Whether Daybreak narrows that gap, or simply shifts spending from one model provider to another, will depend on how partner integrations perform in production. The first signal will come from how many of the eight named launch partners have tangible results to show by their next quarterly earnings.