/Tech4h ago

Former Semgrep leader Clint Gibler and Michael Aiello join OpenAI to build defensive cybersecurity agents

The initiative will use AI coding agents for vulnerability discovery

1071.2K47126172.7K
Alexander Embiricos
Sherwin Wu
Tibo#774
Original post
Alexander Embiricos@embirico#1919inTech

Incredibly excited for @michaelaiello & @clintgibler to be joining @openai to lead Cyber! Lots to do: make software safe and resilient, build powerful agents for defenders, and build agents we can surely deploy at scale for everyone. Welcome to the team!

michaelaiello@michaelaiello

Career update: I’ve joined @OpenAI to lead Cyber as Head of Product for Cyber, where I’ll be leading OpenAI’s efforts to bring frontier AI capabilities to cyber defenders and help make software safer and more resilient by design. I’ll be teaming up with @clintgibler, an expert engineering and security research leader, who is announcing he is joining today as well.

What is now possible with frontier AI models represents a genuine step change for defenders. I’m particularly excited about the potential to improve how we:

• Analyze code and discover vulnerabilities. Models can reason across large and unfamiliar codebases, identify subtle weaknesses, focus attention on realistic attack paths, and help teams move faster from discovery to validated remediation.

• Investigate incidents and determine root causes. Security teams spend enormous time connecting fragmented signals across code, infrastructure, identities, endpoints, and applications. AI can help bring those events together, form and test hypotheses, and surface root causes faster.

• Orchestrate security work. The opportunity is not only to generate recommendations, but to help defenders safely execute work: validating findings, testing patches, improving detections, gathering evidence, and coordinating remediation.

• Make enterprise AI agents safe and controllable. As agents take on more meaningful work inside organizations, they need secure harnesses: scoped access, isolation, monitoring, verification, auditability, and clear human control. Security must be built into how agents operate from the beginning.

Our work at OpenAI starts from a simple but ambitious premise: the next generation of cyber defense should be integrated into how software is built, not only finding and patching vulnerabilities, but making systems resilient from the start.

With current model capabilities such as GPT-5.5-Cyber, alongside Codex as an agentic harness, we can give defenders more powerful tools while pairing those capabilities with appropriate verification, safeguards, accountability, and control.

Just as importantly, we need to distribute these defensive advantages broadly. Powerful security capabilities should not be limited to the largest organizations with the biggest teams. They should help developers, security practitioners, public institutions, and businesses of every size build and operate more secure systems.

And no single company can accomplish this alone. Security has always been a community effort. I’m looking forward to working closely with leaders and innovators across the cybersecurity ecosystem: vendors, researchers, practitioners, governments, and technology partners. AI will create new security challenges, but it also gives us a remarkable opportunity to strengthen the defensive ecosystem.

I’m grateful to the OpenAI team for the opportunity and excited to get started on a mission that matters deeply to me.

3:54 PM · Jun 10, 2026 · 5.5K Views
Sentiment

Positive users congratulate OpenAI on hiring experienced leaders like Clint Gibler for its cybersecurity team and express excitement about the appointments, while negative users direct hostility and insults at the company and Sam Altman.

Pos
46.9%
Neg
53.1%
18 comments with sentiment.
Cluster Engagement
Posts from X
Most Activity
Most Activity
VIEWS47.4KBOOKMARKS24LIKES550REPLIES25
Tibo@thsottiaux

Welcome Clint and Michael! Incredibly excited to see what we do together to contribute to the cybersecurity field and accelerate defenders across the globe.

It's time to build.

Clint Gibler@clintgibler

Career update: I’ve joined @OpenAI to lead Cyber with @michaelaiello.

Why I joined, and what we’ll be building:

It’s clear that AI is fundamentally changing how software is being written and secured.

Coding agents are writing the majority of code for many developers, software is getting shipped more quickly, and vulnerabilities that were latent for 20 years are being discovered at a rapid pace. The time to bug discovery, and exploitation once discovered, are trending down (H/T @EppSecurity and @gadievron).

I believe we have an unparalleled opportunity to fundamentally 𝘪𝘮𝘱𝘳𝘰𝘷𝘦 cybersecurity in ways that were previously impossible. (H/T @bubblewire’ BSidesSF keynote on reasons for optimism)

Over 6 years at @Semgrep, I had the privilege of working with an amazing team building what has become the most popular open source security code scanning tool in the world, that many companies have built their application security program around.

Now, at @OpenAI, I’m thrilled to be a part of a company helping shape how software is written, and how security work gets done. It is a massive opportunity, and responsibility, and I don’t take that lightly.

Here are my current thoughts about where things are headed:

𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐭 𝐛𝐲 𝐝𝐞𝐬𝐢𝐠𝐧. Defenders are not going to win playing bug whack-a-mole. We need to systematically eliminate classes of vulnerabilities, via generating secure code and streamlining the detect → validate → fix process.

𝐀𝐮𝐠𝐦𝐞𝐧𝐭 𝐚𝐧𝐝 𝐞𝐦𝐩𝐨𝐰𝐞𝐫 𝐩𝐞𝐨𝐩𝐥𝐞. We should build models and tools that give defenders “superpowers,” enabling them to be more ambitious in the scope they tackle, shift from being reactive to proactive, and allow them to automate the drudgery so they can focus on the highest leverage work.

𝐒𝐞𝐜𝐮𝐫𝐞 𝐭𝐡𝐞 𝐜𝐨𝐦𝐦𝐨𝐧𝐬. The world runs on open source software. OpenAI has already spent $Ms finding and patching vulnerabilities in the most popular and widely run software, including browsers, operating systems, and core libraries. More on this soon. We’re also working on helping secure critical infrastructure.

𝐂𝐨𝐦𝐦𝐮𝐧𝐢𝐭𝐲 𝐚𝐧𝐝 𝐩𝐚𝐫𝐭𝐧𝐞𝐫𝐬. Securing the world is a community effort. I’m looking forward to partnering with cybersecurity vendors, researchers, practitioners, governments, and more to do together what we can’t do alone.

𝐓𝐢𝐦𝐞 𝐭𝐨 𝐛𝐮𝐢𝐥𝐝. Tactically, here are some domains I’m excited about:

- Finding, validating, and reliably patching software vulnerabilities at scale.

- Eliminating classes of vulnerabilities and making software resilient by design.

- Giving broad access to the best cyber models to empower defenders, not just to a select few.

- Creating and sharing Skills and playbooks that help in many security domains.

- Building platforms that enable defenders to easily orchestrate security work.

- Making enterprise agents safe and reliable.

Time to build 😎

What would help you most? What should we build?

Let me know.

2hViews 47.4KLikes 550Bookmarks 24
RETWEETS30
Clint Gibler@clintgibler

Career update: I’ve joined @OpenAI to lead Cyber with @michaelaiello.

Why I joined, and what we’ll be building:

It’s clear that AI is fundamentally changing how software is being written and secured.

Coding agents are writing the majority of code for many developers, software is getting shipped more quickly, and vulnerabilities that were latent for 20 years are being discovered at a rapid pace. The time to bug discovery, and exploitation once discovered, are trending down (H/T @EppSecurity and @gadievron).

I believe we have an unparalleled opportunity to fundamentally 𝘪𝘮𝘱𝘳𝘰𝘷𝘦 cybersecurity in ways that were previously impossible. (H/T @bubblewire’ BSidesSF keynote on reasons for optimism)

Over 6 years at @Semgrep, I had the privilege of working with an amazing team building what has become the most popular open source security code scanning tool in the world, that many companies have built their application security program around.

Now, at @OpenAI, I’m thrilled to be a part of a company helping shape how software is written, and how security work gets done. It is a massive opportunity, and responsibility, and I don’t take that lightly.

Here are my current thoughts about where things are headed:

𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐭 𝐛𝐲 𝐝𝐞𝐬𝐢𝐠𝐧. Defenders are not going to win playing bug whack-a-mole. We need to systematically eliminate classes of vulnerabilities, via generating secure code and streamlining the detect → validate → fix process.

𝐀𝐮𝐠𝐦𝐞𝐧𝐭 𝐚𝐧𝐝 𝐞𝐦𝐩𝐨𝐰𝐞𝐫 𝐩𝐞𝐨𝐩𝐥𝐞. We should build models and tools that give defenders “superpowers,” enabling them to be more ambitious in the scope they tackle, shift from being reactive to proactive, and allow them to automate the drudgery so they can focus on the highest leverage work.

𝐒𝐞𝐜𝐮𝐫𝐞 𝐭𝐡𝐞 𝐜𝐨𝐦𝐦𝐨𝐧𝐬. The world runs on open source software. OpenAI has already spent $Ms finding and patching vulnerabilities in the most popular and widely run software, including browsers, operating systems, and core libraries. More on this soon. We’re also working on helping secure critical infrastructure.

𝐂𝐨𝐦𝐦𝐮𝐧𝐢𝐭𝐲 𝐚𝐧𝐝 𝐩𝐚𝐫𝐭𝐧𝐞𝐫𝐬. Securing the world is a community effort. I’m looking forward to partnering with cybersecurity vendors, researchers, practitioners, governments, and more to do together what we can’t do alone.

𝐓𝐢𝐦𝐞 𝐭𝐨 𝐛𝐮𝐢𝐥𝐝. Tactically, here are some domains I’m excited about:

- Finding, validating, and reliably patching software vulnerabilities at scale.

- Eliminating classes of vulnerabilities and making software resilient by design.

- Giving broad access to the best cyber models to empower defenders, not just to a select few.

- Creating and sharing Skills and playbooks that help in many security domains.

- Building platforms that enable defenders to easily orchestrate security work.

- Making enterprise agents safe and reliable.

Time to build 😎

What would help you most? What should we build?

Let me know.

6hViews 117.6KLikes 546Bookmarks 92
Rob Ragan@sweepthatleg

@clintgibler @OpenAI @michaelaiello Hell yes! This is the kind of leadership we want to see! Take the wheel Clint!

5hViews 824Likes 2Bookmarks 1
John Hammond@_JohnHammond

@clintgibler @OpenAI @michaelaiello 🤩🤩🤩YEAAAAAAH CONGRATULATIONS @clintgibler AND @OpenAI !!! 🤩🥳🎊🎉 THIS IS SO AWESOME!!

5hViews 1.6KLikes 4
Dimitris Papailiopoulos@DimitrisPapail

@TheRealAdamG one emoji away from being sent to Opus 4.8, careful

3hViews 463Likes 9
Freddy₿itcoins 🪽 🚀🦞@FreddyBitcoins

@thsottiaux Shall we reset codex limits ? In honor of them joining? @thsottiaux ??? Asking for a friend

2hViews 232Likes 5
Clint Gibler@clintgibler

@_JohnHammond @OpenAI @michaelaiello Thanks @_JohnHammond!!! 🤩🙏 Stoked to chat with you more about what we can build in the malware analysis and red teaming space 🤓

4hViews 554Likes 6
sarveshsea@sarveshsea

@thsottiaux let’s celebrate? reset rate limits 🤣pls

2hViews 200Likes 6
sarah guo@saranormous

@clintgibler @DanielMiessler @OpenAI @michaelaiello Congrats Clint!

4hViews 2KLikes 4
Ed@Eduardopto

@thsottiaux @grok is any public informational about Clint and Michael?

2hViews 186Likes 1
sarveshsea@sarveshsea

@thsottiaux but actually really looking forward to this, especially transparently without a layer of pretentiousness like some

2hViews 584Likes 4
am.will@LLMJunky

@clintgibler @OpenAI @michaelaiello Congratulations!

Love everything you said.

4hViews 363Likes 4
Romain Huet@romainhuet

@clintgibler @OpenAI @michaelaiello Welcome to the team! Excited to work with you both!

2hViews 240Likes 4
Robertg761@Robertg761_

@thsottiaux Should probably reset to celebrate

2hViews 227Likes 4
'xt0n1 ツ@xt0n1t3ch

@thsottiaux Let's celebrate by resetting the limits!

2hViews 190Likes 4
Rachel Tobac@RachelTobac

@clintgibler @OpenAI @michaelaiello that's what im talking about!!!

3hViews 288Likes 3
zoeyxoxo@KathrynLeon10

@thsottiaux Hope the only thing getting hacked is my coffee schedule, welcome aboard!

2hViews 453Likes 2
Mr Strijker@mrstrijker

@clintgibler @OpenAI @michaelaiello I accidentally mentioned the word sandbox to Fable and it demoted to 4.8, if you can capitalise on this you will win.

4hViews 255Likes 2
Clint Gibler@clintgibler

@sweepthatleg @OpenAI @michaelaiello Haha thanks so much @sweepthatleg! It's an incredible team, I'm honored to be a part of it.

4hViews 644Likes 1
Load more posts