How to Run a Vulnerability Scan on Your Codebase With OpenAI Daybreak

Photo by Artur Shamsutdinov on Unsplash

Running an OpenAI Daybreak vulnerability scan in May 2026 is less like installing a SAST tool and more like onboarding a managed service. You request access, OpenAI provisions your workspace, and Codex Security connects to a GitHub repository before running ten subagents against your code. The actual scanning is automated. The work happens before and after.

This tutorial walks through the request process, the GitHub connection, the threat model that Codex Security builds first, and the human review step that the agent will not skip. It is written for engineering leads and AppSec teams evaluating whether to route real repositories through Daybreak during its current request-only phase.

What Daybreak Actually Does Before You Touch a Repo

Daybreak is not a single model you point at a folder. OpenAI announced Daybreak on May 12 as an initiative built from its Trusted Access for Cyber program, a scheme that reserves access to certain frontier models for a selective number of organizations. Codex Security sits at the center, with three GPT-5.5 tiers governing what the agent is allowed to attempt.

The initiative includes the general-purpose version of GPT-5.5, GPT-5.5 with TAC for verified defensive work in authorized environments, and GPT-5.5-Cyber, alongside Codex Security, a code-review assistant available only as a research preview. Most teams running a vulnerability scan will be operating against the first two tiers. GPT-5.5-Cyber is positioned as a more permissive limited-preview model for red teaming, penetration testing, and controlled validation.

The workflow itself is closed-loop. Codex Security is built around three stages: identification, validation, and remediation. During identification, it analyzes the repository and explores realistic attack paths. During validation, it attempts to reproduce each issue to confirm it is real. During remediation, it generates a concrete patch that teams can review and raise into a pull request.

A quick way to picture the end-to-end flow before you commit a repository:

1. Submit a vulnerability scan request or contact OpenAI sales.
2. Get your workspace provisioned with Codex Cloud and Codex Security access.
3. Connect the GitHub repositories you want scanned at chatgpt.com/codex/security.
4. Wait for the initial threat model and historical scan to complete.
5. Edit the threat model so it matches your real deployment assumptions.
6. Review findings, validation artifacts, and proposed patches before merging.

That sequence is mandatory in order. Steps 4 and 5 are where most teams lose time, and where most of the analytical value of Daybreak actually lives.

Get Past the Request-Only Wall

As of launch, you cannot sign up for Daybreak the way you sign up for a ChatGPT seat. Availability is not fully public yet. Organizations must request a vulnerability scan or contact OpenAI sales. Broader deployment with industry and government partners is planned in the coming weeks.

The entry point is the Daybreak product page, which routes you to either a vulnerability scan request form or a sales contact. Access to the tooling remains tightly controlled for now, with OpenAI urging interested organizations to request a vulnerability scan or contact its sales team. If your organization already has a Trusted Access for Cyber relationship, that vetting accelerates onboarding.

Two practical points the announcement glosses over. First, Codex Security itself is still a research preview, which means features and pricing can change between when you request access and when you actually scan a repo. Second, OpenAI manages the access list directly. OpenAI manages access. If you need access or a repository isn't visible, contact your OpenAI account team and confirm the repository is available through your Codex Web workspace.

For enterprise buyers, Forrester's Jeff Pollard recommended putting someone with cross-functional responsibility for innovation in tech and cybersecurity in charge of evaluating these capabilities first. Treat the request as the start of a pilot, not a procurement.

Wire Codex Security to the Right Repository

Once your workspace is provisioned, the connection itself is mechanical. Go to chatgpt.com/codex/security. Connect and enable the GitHub repositories you want Codex Security to scan. Wait for the initial scan to finish.

The choice of which repository to connect first is the more interesting question. OpenAI's help documentation is explicit: start with a small set of repositories and a dedicated group of reviewers. A focused rollout works best while onboarding and vulnerability sharing are still relatively manual. If you do not use GitHub Cloud today, consider starting with lower-risk or non-production repositories for evaluation. That can help teams build confidence in the workflow before wider adoption.

Access control is enforced at the workspace level, not just by who clicks through the GitHub OAuth prompt. For Enterprise and Edu workspaces, admins can manage Codex Security access in workspace permissions. Codex Security requires both Codex Cloud and Codex Security access to be enabled for the workspace. Access can also be limited to specific roles or groups through RBAC, including SCIM-synced groups.

The non-obvious risk lives here, not in the scan itself. David Stuart of Sentra warned that granting Daybreak agents access to code repositories, infrastructure configs, and build pipelines creates new attack surface. As he put it, "The same access that makes these tools useful also makes them part of the data attack surface. That governance work needs to happen before the agent is deployed." Run your RBAC review before, not after, you point Codex Security at a production repo.

Edit the Threat Model Before You Trust the Findings

The initial scan is not just a grep over your code. When Codex Security connects to a repository, it scans commits in reverse chronological order and builds a codebase-specific threat model. That model captures attacker entry points, trust boundaries, sensitive data, and high-impact code paths, which Codex uses to focus analysis on realistic attack scenarios. Teams can inspect and edit the threat model so it reflects their real deployment assumptions.

This is the step most teams will be tempted to skip. Don't. The threat model is the lens every later finding gets filtered through, and the agent's defaults will not know that your staging environment is internet-exposed, or that one specific service handles unredacted PHI. Refine the threat model as you learn. Small updates to the model can improve context and make findings more precise over time.

Expect the first pass to take a while. Codex Security first builds a threat model for the project and scans repository history for existing vulnerabilities. This can take longer for large projects. Scans of new code are faster.

While the scan runs, Codex Security is doing two things at once: scanning a codebase using Codex Security's 10 subagents, identifying vulnerabilities, fixing them and adding regression tests; and triaging vulnerability backlog, prioritizing vulnerabilities that should be fixed by severity, impact or exploitability.

One consideration that is rarely surfaced in vendor coverage: token economics on large monorepos. Xint.io CTO Andrew Wesie raised this directly, asking how many tokens are burned during Daybreak assessments, what the false positive rate is, and how pricing will work for enterprise code bases that have millions of lines of code, cautioning that without this information it's hard to know if teams should build their AppSec pipelines around monolithic models. Confirm token accounting with your account team before you point Codex Security at a multi-million-line repository.

Read the Findings Like a Triaged Backlog, Not an Alert Stream

When results land, the structure is the point. For each finding, Codex Security can produce attack-path analysis that shows how attacker-controlled input could move from an entry point to a sensitive outcome. It scores that path by likelihood and impact and makes the underlying assumptions visible, which helps teams prioritize realistic risks over isolated alerts.

The validator stage is what separates Daybreak from a traditional SAST run. Before surfacing a finding, Codex Security attempts to reproduce it in an isolated environment. The validator records reproduction results, execution details, and proof-of-concept artifacts so teams can focus on findings that have actually been shown to work.

That shifts the review workflow. Instead of an analyst spending a morning debating whether a static-analysis hit is reachable in practice, the finding arrives with a reproduction artifact attached. The OpenAI pitch is that this collapses triage time. OpenAI claims hours of vulnerability analysis can be reduced to minutes, with Codex Security reasoning across full codebases, validating issues in isolated environments, and proposing patches for human review. Treat that as a vendor claim until your team has measured it against your own repos.

The wider context that justifies this design: AI has compressed the gap between disclosure and exploitation. Security researcher Himanshu Anand, quoted by The Hacker News, captured the dynamic bluntly. In a recent post, Anand said "the 90 day disclosure policy is dead," arguing that when ten unrelated researchers find the same bug in six weeks, and AI can turn a patch diff into a working exploit in 30 minutes, the 90-day window is protecting nobody. Daybreak is engineered for that compressed window, not the old one.

The Human Review Step That Codex Security Will Not Skip

The single most important configuration detail to internalize before deployment: Daybreak does not autonomously commit code. For validated findings, Codex Security proposes a minimal patch that addresses the root cause. It does not automatically modify your code. Instead, the patch is surfaced for human review and can be turned into a pull request in your existing workflow.

This is by design, and it is the boundary you should plan your review process around. Review generated patch PRs with your normal review process. OpenAI also recommends using Codex Code Review on Codex Security PRs so remediation does not introduce regressions.

Closing the loop matters as much as opening it. After a confirmed issue is patched and merged, Codex can revalidate the fix, closing the loop from detection to remediation. Skip the revalidation step and you lose half the benefit of an agent that can reproduce its own findings.

Gartner's John Watts cautioned that Daybreak should be treated as one tool in a longer chain. Organizations still need to fund the rest of the remediation pipeline, including patch testing, deployment, and rollback. Codex Security shortens identification and validation. It does not replace the engineering work of safely shipping a fix.

The Failure Mode Most Teams Will Hit First

The most common failure during onboarding is not a bad scan result. It is a repository that does not show up in Codex Web at all, because the workspace lacks one of the two required entitlements.

The fix is specific: confirm that both Codex Cloud and Codex Security are enabled at the workspace level, and that your GitHub repository is exposed through Codex Web. If a repository isn't visible, contact your OpenAI account team and confirm the repository is available through your Codex Web workspace. Codex Security setup covers setup, scanning, and findings review. If your enterprise uses SCIM-synced groups, the user requesting the scan also needs to be in a role that has Codex Security access granted. RBAC silently filters them out otherwise.

For teams already running Codex agents locally for development work, do not confuse the two products. The Codex agent-approvals page covers how to operate Codex safely, including sandboxing, approvals, and network access. For Codex Security, the product for scanning connected GitHub repositories, see Codex Security. The local sandboxing model and the Daybreak scanning model are separate stacks with separate permissions surfaces.

Where Daybreak Fits Next to the Rest of Your AppSec Stack

The honest framing of Daybreak's role: it is an orchestration layer over your existing tooling, not a replacement for it. Willie Tejada of Aviatrix described it as "OpenAI's bid to own the security developer toolchain the same way GitHub Copilot captured the coding assistant market." The partner list points the same direction. OpenAI is backing the initiative with a partner list including Cloudflare, Cisco, CrowdStrike, Palo Alto Networks, Oracle, Zscaler, Akamai, Fortinet, Intel, Qualys, Rapid7, Tenable, Trail of Bits, SpecterOps, SentinelOne, Okta, Netskope, Snyk, Gen Digital, Semgrep, and Socket, sitting across the full security chain.

If you are weighing AI vulnerability detection for developers against Anthropic's competing initiative, the access model is the clearest practical difference today. Anthropic's Mythos remains tightly invitation-only under Project Glasswing, while Daybreak is publicly requestable. Mythos has a head start on demonstrated impact. In April, Mythos helped Mozilla find and patch 271 vulnerabilities in Firefox.

For a more skeptical look at where AI-generated code creates the very risks Daybreak is meant to close, AnIntent's reporting on vibe-coded apps leaking corporate and medical data is worth reading alongside this tutorial. The pattern Daybreak addresses is largely a pattern AI coding assistants helped create. Related coverage in AI Tools and Privacy & Security tracks the adjacent moves from OpenAI, Anthropic, and the security partner network.

The natural next step after your first scan completes: pick a single high-confidence finding, walk the reproduction artifact end-to-end with your AppSec lead, and decide whether your existing review workflow can absorb Codex Security PRs without rubber-stamping them.