Interview

OpenAI Daybreak: How AI Is Rewriting the Rules of Cybersecurity

The cybersecurity landscape has long operated under a painful paradox: defenders must be right every time, while attackers need only get lucky once. As attack surfaces expand across cloud infrastructure, third-party dependencies, and distributed microservices, the gap between when a vulnerability appears and when it gets fixed has become one of the most dangerous windows in modern software development.

Now, frontier AI labs are stepping into that gap. We sat down with Mykyta Tereshkin to walk us through OpenAI's latest cybersecurity initiative, Daybreak, and what it means for software development and outsourcing teams.

Meet the interviewee
Mykyta Tereshkin
Software Engineer (.NET)

Background & experience:

With 7+ years of experience building enterprise and product systems, Mykyta specialises in .NET, backend architecture, distributed systems, APIs, and cloud integrations.

1. For those unfamiliar with the initiative, what is OpenAI Daybreak?

Mykyta: Daybreak is OpenAI's cybersecurity initiative focused on proactive software defence. Rather than waiting for attackers to find and exploit vulnerabilities, it's designed to identify, validate, and patch them first. It combines OpenAI's frontier models, a tool called Codex Security, and specialised GPT-5.5 cyber models to target enterprise software resilience and embed AI directly into security workflows.

 

2. What fundamental problem in cybersecurity is Daybreak trying to address?

Mykyta: The fundamental shift Daybreak is pushing for is moving cybersecurity from reactive patching to what they call "resilient-by-design" development. The goal is to shrink the time between when a vulnerability is discovered and when it's remediated. Right now, that window can be hours, days, or even longer in large companies. Daybreak aims to dramatically close that window by automating much of the analysis and response work that security teams currently do manually.

 

3. What are the core technical components powering it?

Mykyta: There are a few key pieces working together. The Codex Security agent handles repository analysis and can run autonomous workflows across codebases. The GPT-5.5 cyber-focused models do the heavy lifting on reasoning and vulnerability analysis — understanding not just that something is vulnerable, but why and how it could be exploited. On top of that, Daybreak builds threat models based on an organisation's actual codebase and can automatically generate and validate patches inside sandboxed environments before anything touches production.

 

4. Can you take us through the process and explain how it works from start to finish?

Mykyta: Sure. At a high level, it starts by scanning repositories and all their dependencies. From there, it builds a threat model and performs attack-path analysis — essentially mapping out how an attacker could move through the system. Once high-risk vulnerabilities are identified, the system generates candidate patches and automatically tests them.

The whole process returns audit-ready remediation evidence, so engineering and compliance teams have a clear record of what was found and how it was addressed. Critically, engineers still review and approve changes before anything gets deployed — there's a human in the loop at that final step.

 

5. What categories of vulnerabilities fall within its scope?

Mykyta: It covers a pretty wide range. On the web application side, you're looking at OWASP Top 10 issues — things like SQL injection in backend APIs, Cross-Site Scripting in frontend code, broken authentication, and insecure JWT validation. It also detects privilege escalation paths in cloud infrastructure, accidentally committed sensitive secrets, and insecure dependency versions with known CVEs. On the infrastructure side, it handles cloud misconfigurations across AWS, Azure, and Kubernetes, as well as Infrastructure-as-Code policy violations.

 

6. Let's talk about the auto-resolution side of things. How does the patch generation process work?

Mykyta: It follows a defined sequence. First, a vulnerability is identified through code and dependency analysis. Then the AI model traces the attack paths and maps out which services are affected. Codex Security generates a proposed remediation patch to make the smallest safe change possible. That patch then goes through automated testing — static analysis, functionality tests, security verification — all inside a sandboxed environment. Only after that does it go to engineers for review and approval before deployment. So it's autonomous in the analysis and proposal stages, but human-controlled at the deployment gate.

 

7. How does Daybreak position itself against what Anthropic is building in this space?

Mykyta: Anthropic has its own initiative, Claude Mythos, developed under Project Glasswing, which is its entry into AI-assisted cyber defence. Daybreak is essentially OpenAI's direct response to the real race between frontier AI labs in the cybersecurity space. The distinction OpenAI is emphasising is practical enterprise deployment with strong safeguards. They're positioning Daybreak as production-ready and enterprise-grade. Both initiatives are advancing AI-assisted cyber defence and resilience, but their approaches and tooling differ.

 

8. What does this actually mean for outsourcing and outstaff teams day to day?

Mykyta: For outsourcing companies juggling multiple client projects, Daybreak can make a real difference. You don't need a dedicated security specialist on every engagement because the artificial intelligence runs continuous security reviews in the background, reduces the need for manual penetration testing, and automates security checks throughout each sprint. That means faster delivery and easier compliance for enterprise clients.

For outstaff teams, the benefits are just as tangible. It lowers the learning curve when working with unfamiliar codebases, increases consistency in secure coding across projects, and frees developers to focus on building features rather than running repetitive security checks.

It also fits into existing workflows without disruption, integrating with Azure DevOps, GitHub, and standard CI/CD pipelines out of the box.

 

9. Are there risks or concerns we should be aware of?

Mykyta: These risks are real and worth taking seriously. The same AI capabilities that help defenders can also be misused if the wrong people get access. Automated systems can also get things wrong. When they act on a false finding, they can cause problems of their own. That's why human oversight isn't a nice-to-have; it's a requirement. Organisations also need to consider the legal and compliance implications before giving any AI system deep access to their code and infrastructure.

 

10. Looking ahead, where does AI-native security go from here?

Mykyta: The future trajectory indicates that AI agents will participate in software defence as active contributors. Security will embed directly into development pipelines as an always-on layer.

Daybreak represents a shift toward autonomous cyber defence ecosystems, where the central question becomes not whether AI will be integrated into security operations, but the extent of its autonomy and the frameworks for responsible governance.


FAQs

Is AI used in cyber security?

Yes, AI is now widely used in cybersecurity to scan code for vulnerabilities, detect unusual activity, and respond to threats in real time. Instead of waiting for a breach to happen, AI-powered tools continuously monitor systems, identify weaknesses, and can even suggest or apply fixes automatically. This shifts security from a reactive process to a proactive one, helping development teams stay ahead of attackers rather than catching up after the damage is done.

Do cybersecurity and AI work together?