Dive Brief:
- OpenAI on Monday launched a new cybersecurity initiative called Daybreak, which uses its large language models, Codex’s agentic capabilities and security partners to root out risk and call defense into action. The rollout is OpenAI’s answer to Anthropic’s Mythos model which debuted to limited preview last month and has highlighted weak security spots in software across various industries.
- Like with Anthropic’s Project Glasswing, which sought tech vendors to support Mythos, OpenAI will work with industry and government partners to deploy cyber-capable models that are meant to build autonomous cyber defense capabilities into software from the start. Cloudflare, Cisco, CrowdStrike, Oracle and Zscaler are among a group of companies already using the technology, OpenAI said. Unlike Mythos, Daybreak is publicly available, and companies can request an assessment of their security risks.
- As AI providers compete for their share of the enterprise market with cybersecurity tools, tech leaders should experiment with all of their options, said Jeff Pollard, VP, principal analyst at Forrester, in an email to CIO Dive. “Take someone with responsibility for innovation in tech and cybersecurity and have them play with these capabilities to see what they offer,” he said.
Dive Insight:
Anthropic’s Mythos put the SaaS world on pause last month as a preview of the technology revealed major existing vulnerabilities in the world’s software infrastructure. It raises a growing concern about how AI is accessing information and how capable companies are in defending against risk.
“What we know is that AI can help solve problems, and the lag time between finding, developing fixes and deploying fixes takes way too long,” Pollard said. “Especially when adversaries use AI to scale attacks. This is a way to use AI to help on that front.”
Daybreak is meant to work in three stages, OpenAI said. First, it prioritizes high-impact threats with AI reasoning and token usage; then, it generates and tests risks directly within an enterprise with scoped access, monitoring and review. The final stage involves sending audit-ready evidence to help enterprises track, validate and remedy the vulnerability.
OpenAI’s Daybreak competes more directly with application security, posture management and AI-enabled application security testing capabilities, said John Watts, VP analyst at Gartner, in an email to CIO Dive.
“We believe that it will complement usage of these tools rather than fully replace them,” Watts said. “Organizations must deploy resources across the entire remediation kill chain, including patch testing, deployment and roll-back, to reduce impact to operations when patching rather than solely on [application security agent] Codex Security.”
For enterprise tech leaders, it’s time to reevaluate security tech portfolios and consider what the AI providers are offering in comparison with legacy cybersecurity vendors, Pollard said.
He added that it’s important to remember that AI companies need people to consume their products, buy subscriptions and use tokens.
“This is one way to accomplish that,” he said. “And the simultaneous announcements of consulting firms for enablement shows that AI companies want to do the AI, not the enablement work that comes along with it.”
OpenAI launched a standalone consulting business on Monday to provide organizations with AI adoption assistance and to send teams of forward-deployed engineers into the field and deepen its bench of AI talent via acquisitions. Last week, Anthropic launched its own enterprise AI services company with a slate of private equity companies.
