OpenAI has just expanded its Daybreak cybersecurity programme with a wider release of GPT-5.5-Cyber — a model built to find software vulnerabilities and, in the new part, write and test the patches for them, as reported by IT Brief Asia. It also launched an open-source fix-it effort called “Patch the Planet” and named Australia as one of its trusted government partners for cyber work.

For wealth management and financial advice firms, this cuts both ways. Defenders get faster at closing security holes — but attackers get the same speed at finding them. If your firm holds client portfolios, tax file numbers and identity documents, you’re a high-value target operating under APRA CPS 234 and the Privacy Act. “We hadn’t patched it yet” is not a line you want to give a regulator, an auditor, or a client.

What this means for your firm

The takeaway isn’t to rush out and buy an AI tool. It’s that the window between a flaw going public and being exploited keeps shrinking, so your patching and vulnerability management need to be tight and boringly reliable. Ask your IT provider two straight questions: how quickly do critical patches actually get applied across every device, and who is watching for new vulnerabilities in the platforms you depend on — Xplan, IRESS, Microsoft 365, your VPN?

This is the unglamorous work we do for financial services firms every day: patching on a schedule, monitoring for new threats, and keeping the evidence regulators expect to see. AI changes the speed of the game. It doesn’t change the fundamentals.