IBM collaborates with OpenAI's cyber initiative to incorporate advanced AI into enterprise security.
IBM has joined OpenAI’s Daybreak Cyber Partner Program, an alliance that the company claims will leverage advanced AI models in corporate security operations.
This partnership introduces a specific initial product: a new application-security service that utilizes OpenAI’s cyber capabilities to identify and verify software vulnerabilities more quickly than traditional tools. According to IBM, this service surpasses typical code scanning by using AI to analyze an application and confirm whether a suspected vulnerability is truly exploitable. That validation step is often slow and costly for human teams, and the service aims to take the burden off them.
IBM’s goal is to assist enterprises in keeping pace with threats that now operate at machine speed. The validation feature particularly addresses a common frustration among security teams—traditional scanners inundate them with alerts, the majority of which are harmless and few of which can be triaged efficiently.
IBM details how the AI accesses sensitive code, stating that the service is provided through IBM Consulting Advantage, the company’s AI consulting platform, which links a client’s application environment to the models in a controlled manner. This means it operates within the client’s own environment, with read-only access to code repositories and limited execution, allowing the AI to examine software without the ability to modify it. The service is currently available, with additional integrations expected under the Daybreak initiative.
This launch coincides with a larger and costlier effort. IBM is also supporting Project Lightwell, backed by a $5 billion investment from IBM and Red Hat. This project is characterized as an enterprise security clearinghouse, staffed by engineers who will patch, validate, and manage open-source code throughout the software supply chain. Lightwell utilizes OpenAI’s cyber capabilities along with other advanced models, focusing on the often-overlooked open-source dependencies that underlie most modern software.
The timing of this initiative corresponds with a year where AI serves both as a weapon and a defense. Recently, Google researchers employed an AI system to discover an unknown zero-day vulnerability, while Anthropic has reported on models adept at finding bank-grade vulnerabilities. The same capabilities that enable a model to identify a flaw for defenders can also assist attackers, which is the concern IBM is addressing.
Vendors and governments are forming alliances to keep pace with these developments. Recent months have seen the emergence of NATO-aligned cyber partnerships involving companies like Microsoft and Palo Alto Networks, along with consolidation among toolmakers, exemplified by Databricks’ acquisition of Panther Labs.
IBM's move firmly establishes one of the oldest names in enterprise computing on the defensive front of this expansion, powered by OpenAI’s models. Looking ahead, IBM stated that more features will be introduced over time under the Daybreak program, indicating that the application-security service is just the initial step rather than the complete strategy.
The Lightwell initiative, with its larger budget and focus on the supply chain, suggests that the company regards the open-source layer as a more challenging and significant problem to tackle. For now, IBM has claimed that AI built for software development can also be scaled to enhance its security.
