NCC Group joins OpenAI Daybreak cyber partner programme

NCC Group has joined the OpenAI Daybreak Cyber Partner Program, giving it access to a version of GPT-5.5 configured for cyber resilience research.

Its technical teams will assess the model and provide feedback to OpenAI, starting with internal research using security testing data. The work is research-led and will take place in controlled environments with governance and safeguards.

NCC Group is among a limited group of organisations invited by OpenAI to test and apply its cyber-focused artificial intelligence tools. Through Daybreak, OpenAI is working with security software and services providers on defensive uses of advanced models while restricting direct access to approved partners.

Under the arrangement, NCC Group will use a variant of GPT-5.5 tailored to explore cyber resilience use cases. The research may inform how artificial intelligence could be applied in its services for experienced defenders, particularly in identifying vulnerabilities, refining security workflows and supporting remediation work.

OpenAI has framed Daybreak around a shift in cyber security, arguing that advances in artificial intelligence have made vulnerability discovery easier and moved the main constraint towards patching and remediation. Its broader Daybreak effort includes tools intended to help defenders validate vulnerabilities, generate fixes and integrate those fixes into development and security processes.

OpenAI said the full version of GPT-5.5-Cyber is being released on a limited basis to trusted defenders. It said the model scored 85.6% on CyberGym, compared with 81.8% for GPT-5.5, and also outperformed GPT-5.5 on ExploitGym and SEC-bench Pro, two security benchmarks focused on exploitation and vulnerability discovery tasks.

NCC Group said the new access builds on its cyber security research work. It devotes more than 1,000 days each year to research and contributes tools, advisories and other findings to the wider security community.

Research focus

For NCC Group, the immediate focus is internal testing rather than customer deployment. Its teams will examine the model using security testing data and feed their findings back to OpenAI, a process that could shape how such models are used in defensive cyber work.

The move also reflects a wider push among security companies to understand how large language models can be integrated into established investigation and response workflows. In practice, that means not only finding flaws in software but also determining whether they are exploitable, assessing their relevance, proposing patches and helping engineers verify the result.

Daybreak is intended to extend defensive access to advanced cyber tools through selected partners rather than broad direct availability. Participating partners can use GPT-5.5 with Trusted Access for Cyber in the products and services they offer customers, while OpenAI works with them on safeguards, monitoring and abuse prevention.

Industry context

The programme is part of a wider race among technology and security groups to apply generative artificial intelligence to software assurance and cyber defence. Security teams have long used automation to scan code and monitor systems, but newer models are being tested on more complex tasks such as tracing attack paths across large codebases, distinguishing false positives from genuine weaknesses and producing draft patches.

OpenAI said its tools have already been applied in work involving major browsers, network infrastructure and operating systems including FreeBSD and the Linux kernel. It also launched Patch the Planet with Trail of Bits, HackerOne and Calif to help open-source projects move from reported flaws to tested fixes.

That initiative reflects a practical problem for maintainers and software teams. As automated systems surface more potential issues, organisations still need people and processes to validate reports, prioritise them and land safe fixes in production environments.

NCC Group's participation may also strengthen its position in advisory work on artificial intelligence and cyber security for large businesses and governments. It said it was chosen because of its record in security research and its ability to study frontier AI technologies responsibly.

Mike Maddison, Chief Executive Officer, NCC Group, said: "Through our participation in the OpenAI Daybreak Cyber Partner Program, NCC Group is researching ways to apply GPT-5.5 capabilities to our services to help experienced defenders discover vulnerabilities, strengthen security workflows, and improve resilience for clients. We'll bring our deep expertise and experience to help shape how these technologies are safely deployed, while helping to strengthen the resilience of the global software ecosystem and working to create a more secure digital future for everyone."