OpenAI Launches "Daybreak", a New Initiative to Challenge Glasswing

Published by qimuai · First-hand compilation

Source: https://aibusiness.com/cybersecurity/openai-launches-daybreak-new-initiative-challenge-glasswing

Summary:

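In the AI security field, OpenAI recently launched the "Daybreak" program, which combines its GPT-5.5 models with Codex security to automate workflows such as threat modeling and vulnerability remediation, helping organizations identify and patch security vulnerabilities in their code. The move is seen as OpenAI's response to rival Anthropic's much-publicized security project, "Project Glasswing".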

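Competition in AI security is currently intense: OpenAI and Anthropic are releasing new large language models aimed at the cybersecurity market almost every month, such as Anthropic's "Mythos" and OpenAI's "GPT-5.5-Cyber". However, industry experts point out that although Daybreak is a positive step toward more effective AI cybersecurity, addressing problems at the code level alone is still not enough.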

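Gal Malachi, co-founder and CTO of Terra Security, said Daybreak gives the industry a "bigger brain" together with a matching "harness", which helps with orchestrating and handling vulnerabilities, but it does not fully address the threats security professionals currently face. He stressed that code is only one of the most common use cases for generative AI, and that a large share of security problems arise after code enters production. Some vulnerabilities can be found in preproduction, but good large language models may produce a lot of false positives; and in live production environments, content generated in real time hides risks that are hard to foresee from the code.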

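Malachi advised that enterprises should treat such programs and models from AI labs like OpenAI and Anthropic with caution, and make sure they have the right tools and security guardrails in place. He noted that the whole industry is still learning how to use AI properly for secure coding, and that demand for solutions that go beyond pure code tools is growing.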

English source:

While Daybreak is a step toward more effective AI cybersecurity, more still needs to be done in the security arena, as models often create new vulnerabilities that leave enterprises exposed.
As more AI vendors seek to control how their technology affects cybersecurity, OpenAI on Tuesday introduced a program to help organizations identify, patch and validate software vulnerabilities in their code.
OpenAI Daybreak combines the intelligence of OpenAI’s GPT-5.5 models with Codex security to automate workflows such as threat modeling and remediation.
The initiative comes as both OpenAI and rival Anthropic compete on an almost monthly basis, targeting the cybersecurity market with new large language models (LLMs) such as Mythos from Anthropic and GPT-5.5-Cyber from OpenAI. Daybreak appears to be OpenAI's answer to Anthropic's much-publicized security-focused Project Glasswing.
Daybreak also addresses a concern in the enterprise: many organizations fear that AI models will uncover vulnerabilities they cannot fix. That worry has multiplied following recent news that a threat actor used AI to develop a zero-day vulnerability, a type of threat that leaves cyber experts with no time to fix it.
“Security is under the spotlight,” said Gal Malachi, co-founder and CTO of Terra Security.
Projects such as Daybreak are important and beneficial to the cybersecurity community, he said.
“What OpenAI did is a good step forward because they're not just giving you a bigger brain, they also give you a harness around that that allows you actually to have an orchestration around and handle vulnerabilities,” he added.
However, OpenAI’s initiative does not fully address the current threats and vulnerabilities facing cybersecurity professionals, Malachi said.
“It will help with something that LLMs are familiar with,” he said. He added that the focus of both Daybreak and Mythos is on code because code is currently the most common application for generative AI.
However, “a lot of things happen until code reaches production,” Malachi continued, referring to the point in the development stage where the technology is being used and not necessarily the building phase. Preproduction is the phase in which developers build and write code for the application and software.
“Preproduction is one thing, and yes, you can see some vulnerabilities or potential vulnerabilities in the code, but still, good LLMs produce a lot of false positives,” he said. “We also need to understand how systems run in production; perhaps there are a lot of things that you don't see from the code.”
Given the significant risks in production, it's hard to tell exactly where the threat lies if an LLM is used, since generation happens in real time. Therefore, the demand for a possible answer to this problem that is more than a code-based tool is growing in the cybersecurity community.
“The industry is still learning and trying to understand how to code with it,” Malachi said. He said that enterprises should approach initiatives like Daybreak and models from AI labs such as Anthropic and OpenAI with caution and ensure they have the right tools and guardrails in place.
