Proofpoint joins OpenAI Daybreak for cyber defence

Proofpoint has joined OpenAI's Daybreak Cyber Partner Program, putting the cybersecurity company among a small group of firms selected to use OpenAI models in defensive security work.

Under the arrangement, Proofpoint will use GPT-5.5 within its own products, services, and managed security workflows rather than giving customers direct access to OpenAI's models. The technology will be applied to threat investigation, alert enrichment, intelligence analysis, and incident response.

The partnership reflects a broader shift in cybersecurity as companies turn to artificial intelligence to manage a growing volume of attacks and data. Security teams are under pressure to investigate incidents more quickly and navigate increasingly complex threats, especially as attackers adopt AI tools.

Proofpoint's work in the Daybreak program will focus on customer-facing defensive uses. That includes embedding the model in existing managed processes so analysts can move faster on triage and response tasks that have traditionally relied heavily on manual review.

The company is also expanding Satori, its agentic AI portfolio for security operations. Proofpoint already uses OpenAI models within Satori and said GPT-5.5 could broaden what those tools can do for teams dealing with targeted and unfamiliar attacks.

Defensive focus

OpenAI's Daybreak Cyber Partner Program is designed for cybersecurity companies using advanced AI in defensive settings. For Proofpoint, the emphasis is on using the model inside controlled workflows managed by the company, a structure intended to limit direct exposure while still bringing AI into customer operations.

The setup also addresses a central market concern: how to deploy AI in security without creating new risks. Proofpoint and OpenAI said they will work on governance, monitoring, safety controls, and abuse prevention as part of the partnership.

Those issues have become more pressing as organisations adopt AI rapidly across business functions. In cybersecurity, that tension is especially clear because the same advances that help defenders sift through evidence and automate repetitive tasks can also help criminals create more convincing phishing campaigns, speed up reconnaissance, and adapt attacks more quickly.

Proofpoint's customer base gives some indication of the scale at which it intends to apply those systems. It works with more than 80 of the Fortune 100, more than 14,000 large enterprises, and millions of smaller organisations across email, cloud, and collaboration platforms.

Operational pressure

For security teams, the main challenge is often not a shortage of alerts but an excess of them. AI tools are increasingly being positioned as a way to prioritise events, add context to warnings, and reduce the time analysts spend moving between raw data, threat intelligence, and response steps.

Proofpoint said the Daybreak work could support faster threat investigation and analysis, improved alert prioritisation, quicker incident triage, stronger threat intelligence contextualisation, greater scale for managed security operations, and higher productivity for analysts. Those uses sit squarely in the back-office mechanics of cyber defence, where labour shortages and alert fatigue have long been persistent problems.

Ryan Kalember, Chief Strategy Officer at Proofpoint, said the company sees the technology as a practical way to strengthen these tasks.

"Organisations are looking for practical ways to apply AI to strengthen cyber defence while maintaining strong governance and safety controls," said Ryan Kalember, Chief Strategy Officer at Proofpoint. "By incorporating GPT-5.5 into Proofpoint's products, services, and AI-powered security workflows, we can help security teams improve threat investigation, decision-making, and efficiency as they protect their people, data, and AI agents. This includes expanding capabilities across innovations such as Proofpoint Satori, our agentic AI solutions designed to reduce operational burden and help security teams adapt more quickly to evolving threats."

The announcement highlights how AI suppliers and cybersecurity vendors are tightening ties as customers demand more automation but remain wary of handing too much control to external systems. Rather than opening general access to models, companies are increasingly packaging them inside managed environments with tighter oversight and narrower use cases.

That approach may prove important as regulators and large corporate buyers scrutinise not only what AI systems can do, but how they are governed. In cybersecurity, where a faulty decision can disrupt operations or expose sensitive data, the balance between speed and control is likely to shape adoption as much as model performance itself.

Proofpoint said its work with OpenAI will aim to ensure AI is used in ways that strengthen defenders while maintaining security, accountability, and responsible deployment.