OpenAI has launched Daybreak, an AI-powered cybersecurity program designed to find software vulnerabilities before attackers do. For fintechs and banks running on legacy code under increasing attack pressure, this is the development that changes the calculus. Corporate and government partners are already lining up.
The announcement puts OpenAI in direct competition with Anthropic’s Project Glasswing. A quiet war between the two most capable AI labs on earth just got louder. Frontier AI is coming for the security sector, and it is moving fast.
READ: Google DeepMind Workers Unionize Over Pentagon AI Deal
OpenAI Daybreak Takes on Anthropic’s Glasswing Model
Anthropic launched Project Glasswing last month alongside its Claude Mythos model, a system its creators considered too capable to release publicly. OpenAI’s Daybreak now enters that same space with a strikingly different posture.
Where Glasswing rolled out behind closed doors and caused several governments to call emergency briefings, Daybreak opens with two public buttons: “Request a vulnerability scan” and “Contact sales.” OpenAI CEO Sam Altman said the company wants to “start working with as many companies as possible now.” OpenAI is not pretending this is classified. The form to request a scan takes under a minute to fill out.
Three model tiers power the program. General-purpose security work runs on GPT-5.5. Defensive workflows use GPT-5.5 with Trusted Access for Cyber. Red teaming and penetration testing run on GPT-5.5-Cyber, the sharpest edge of the stack.
READ: AI Ethics, Religion, and Why You Can't Leave It to Silicon Valley
Codex Security Powers the Vulnerability Hunt
The technical core of Daybreak is Codex Security, which OpenAI put into research preview in March. The system builds a complete threat model of a given codebase, mapping what the software does, who it trusts, and where it breaks under pressure.
From there, Daybreak digs directly into the actual code to find real-world exploits. High-priority vulnerabilities are analysed in sandboxed environments, giving security teams confirmed findings rather than a queue of noise. Detection and response run on automation rails, which means engineers spend time on judgment calls rather than triage.
Cloudflare CTO Dane Knecht said OpenAI’s approach brings stronger reasoning and more agentic execution into security workflows, a meaningful step forward for teams deploying frontier models to improve their security posture.
The distinction between Daybreak and Glasswing is meaningful. Glasswing focuses on detecting and neutralising high-severity vulnerabilities after they exist. Daybreak pushes earlier; it aims to build security into software from the first line of code and monitor continuously for new exposure.
READ: Meta's $145B AI Push Is Making Your Gadgets Pricier
What This Means for Nigeria’s Tech Infrastructure
Nigeria’s digital economy grew fast over the past four years. The country now runs dozens of licensed fintechs, a growing cloud infrastructure sector, and government systems processing millions of transactions daily. Nigerian organisations across banking, fintech, and government have faced sustained cyberattack pressure, and most of those attacks exploited unpatched software vulnerabilities.
Daybreak’s model is directly relevant to that problem. A mid-sized Nigerian fintech running on a legacy codebase could request a Daybreak vulnerability scan today. The question is cost and access. OpenAI’s partner list currently skews toward large Western enterprises and government agencies.
Nigerian security teams should watch how Glasswing and Daybreak onboard their first wave of non-US partners. Both programs mark a shift. AI handles the rote work of mapping attack surfaces. Human teams get the evidence-backed findings and make the calls. That model could be transformative for security teams operating lean, a reality most African tech companies know well.
Two of the world’s most capable AI labs now have active, competing cybersecurity programs. The question is no longer whether AI reshapes security; it is who gets there first and on whose terms. Nigerian security teams that move early, requesting scans, tracking partner announcements, and lobbying for access, will not be waiting for the next major attack to find out where their code breaks.
Want the AI and cybersecurity stories that matter to African tech teams, before everyone else covers them? The GizPulse newsletter lands in your inbox every week.
