OpenAI Daybreak and Microsoft MDASH: OpenAI and Microsoft responses to Anthropic's Ai vulnerability hunt arrive

After the uproar raised by Anthropic with the presentation of Glasswing, OpenAI and Microsoft are running for cover by launching, respectively, Daybreak and MDASH, their AI platforms designed to secure companies from cyber attacks.

In both cases, the idea is to have a platform that analyses vulnerabilities in software developed or purchased by companies, verifies their dangerousness, finds a remedy, and finally validates the solution (patch); all this with a speed and effectiveness unthinkable for human teams that have always dealt with these things. OpenAI's service uses the specialised GPT 5.5-Cyber model, while Microsoft's does not depend on a specific model and relies on the work of a team of AI agents sharing tasks. Both follow Anthropic's announcement, a few weeks ago, of Glasswing: the first specialised cybersecurity platform that had attracted a lot of attention because the parent company had described it as 'too dangerous to be made available to everyone' and restricted its use to a handful (which has since become larger) of strategic American companies. One gets an idea of how effective Glasswing is, and what challenges OpenAI and Microsoft have to meet, by looking at what happened with Mozilla. The company that develops Firefox, in fact, released version 150 in May with Glasswing's support. The result: they fixed 157 vulnerabilities compared to the only 31 they had managed to fix in the version of Firefox released in May last year.

Daybreak hopes to do even better than Glasswing due to its very different approach. While Glasswing is a system heavily focused on discovering vulnerabilities and how to chain them together to arrive at breaches (thus great for orchestrating attacks), OpenAI's Daybreak was created as an AI infrastructure designed to integrate directly into corporate DevSecOps processes, those that control the software produced and used in the company. Its strength is to perform contextual analyses of repositories, integrating a large number of variables, up to the controlled simulation of attacks and offensive techniques, with the specific objective of drastically reducing the time between the discovery of a vulnerability and its correction. All this while keeping to zero, or almost zero, the number of false positives, a real cross that wastes a lot of human analysts' time.

While Anthropic and OpenAI use their own frontier models to create their cyber defence platforms, Microsoft seeks a different path, probably motivated by not wanting to remain inextricably tied to an external vendor. MDASH, in fact, uses multi-agent and multi-model systems to simulate a kind of coordinated 'AI security team', in which agents collaborate and monitor each other's analyses to increase accuracy and reliability. According to Microsoft, the system uses multiple specialised agents playing different roles: some analysing suspicious code paths, others trying to invalidate previous assumptions, others checking the real exploitability of the vulnerability, and so on. In practice, the AI does not operate as a single 'researcher', but as a coordinated team of agents undergoing a kind of automated peer review. Again, the goal is to drastically reduce false positives, and Microsoft claims that MDASH has achieved particularly high results in public benchmarks, with a score of 88.45 per cent on the CyberGym benchmark covering 1,507 real open source vulnerabilities, as well as the identification of 16 new vulnerabilities within the Windows networking and authentication stack. This approach appears very close to the future agent SOC architectures that Microsoft is also developing in the rest of the Defender and Agent 365 ecosystem and looks promising from a results perspective.

The proliferation of AI platforms dedicated to cybersecurity was behind Anthropic's decision not to publicly release Glasswing. The aim was to allow 'strategic' companies to test their software and operating environments with Anthropic's system before the same functionalities became available to a wider public and thus also to criminals. The plan did not work very well right from the start. On 21 April, in fact, it was reported by Bloomberg that some unauthorised persons had gained access to Mythos (the frontier model underlying Glasswing) and had been using it regularly ever since, but the arrival of OpenAI's Daybreak, which will in any case only be available to companies 'authorised' in advance to use it (among them European banking companies), and immediately afterwards of MDASH increases concern about the availability of such powerful tools for criminal intentions. During a chat I had in Las Vegas a couple of weeks ago with Sandra Joyce, VP of Google Threat Intelligence and a leading figure in cybersecurity, it emerged that vulnerability-hunting capabilities are present in practically all currently available LLMs, as an emanation of the part that deals with creating code, and that many of Glasswing's competitors would be arriving soon. The real difference, Joyce said, would be how these models and platforms would deal with the problems because at the moment the number of AI attacks was very low, but she said she was convinced it would grow in a short time. Once again, the speed of development of AI amazes everyone: are we already close to systems capable of autonomous attacks on companies? We don't know, but in the meantime, even the Chinese company Qihoo 360 (360 Digital Security Group) claims to have a system available that can compete with Glasswing, and this can only prelude an 'escalation' that is perhaps faster than expected.