OpenAI Daybreak offers AI for pre-deploy crypto security

OpenAI introduced Daybreak on May 11, presenting an AI system intended to find, validate and help fix software vulnerabilities before attackers can exploit them. The company described the approach as making software “resilient by design” and said the tooling moves security earlier in the build cycle through AI-assisted code review, threat modeling, patch validation and dependency analysis.

Daybreak is designed to reason across entire codebases, flag subtle vulnerabilities, validate that fixes close the underlying issue and integrate those checks into standard build-and-deploy workflows. OpenAI described the product as including scoped access, verification, misuse monitoring and stronger account controls to limit the risk that the capabilities could be repurposed by attackers.

Data for the crypto sector shows most losses come from infrastructure and operational failures rather than contract code. TRM Labs’ 2026 Crypto Crime Report found illicit actors stole $2.87 billion across nearly 150 hacks and exploits in 2025. The report attributed $2.2 billion of those losses to infrastructure attacks such as compromised keys, wallet infrastructure, privileged access and front-end or control-plane compromises. Code exploits accounted for about $350 million, roughly 12.1% of the total.

Hacken reported that Web3 lost $482 million across 44 incidents in the first quarter of the year. Six of those incidents involved audited protocols, and one protocol reportedly had 18 separate audits. Hacken also noted a $282 million theft that bypassed the contract layer entirely by compromising operational and social infrastructure.

CertiK reported 34 verified physical coercion incidents between January and April 2026, a 41% increase from the same period in 2025, with estimated losses of about $101 million. At that pace, CertiK projected roughly 130 such incidents by the end of 2026.

Applying Daybreak to crypto security would involve several operational functions. AI-assisted secure code review before and during deployment would check contract logic, access controls and unsafe assumptions. Continuous threat modeling tied to protocol upgrades would evaluate how architecture changes, oracle links, bridge designs or governance mechanics create new attack surfaces. Dependency and oracle risk analysis would flag third-party integrations that weaken a protocol’s security model.

Daybreak’s patch validation capability would test proposed fixes before governance votes, checking that changes close the vulnerability and remain safe under adversarial conditions. Regular privileged-access reviews would examine multisigs, signers, custody systems, admin keys, cloud-console access and front-end deployment permissions. Enhanced monitoring for abnormal transactions, suspicious signer behavior or unusual front-end changes aims to reduce the time between detection and response.

OpenAI also warned that the same capabilities could be used by attackers to automate phishing, clone front ends and scale social engineering, and indicated that the product will be paired with verification, scoped access and misuse monitoring. The company presented the controls as part of the product design while describing the technical checks it plans to provide defenders.