In detail
- Full GPT‑5.5‑Cyber aimed at finding and patching software flaws; OpenAI says it tops cybersecurity benchmarks including CyberGym, ExploitGym and SEC‑bench Pro.
- Updated Codex Security plugin covers discovery to patch generation; adds deep scans of entire codebases, attack‑path analysis, and export to vulnerability systems via SARIF or CodeQL.
- Since its research preview, the plugin has scanned over 30 million commits across 30,000+ codebases; >500,000 findings were auto‑flagged as fixed and 70,000 were manually confirmed.
- Launches an open‑source patching effort and a partner program; humans still sign off on every change, and the plugin can triage external scanner or bug‑bounty reports and batch‑generate patches.
Why it matters
Tools that combine automated vulnerability discovery with targeted patch generation and integration into existing workflows reduce time from finding to fixing — a practical shift for engineering and security teams that changes how organizations manage software risk.
For you
Check whether your development toolchain supports SARIF/CodeQL exports, and consider a pilot to measure whether automated triage plus patch generation reduces your mean time to remediate.