IBM expands AI security push as cyberattacks accelerate
IBM will expand its AI cybersecurity efforts as security executives warned that frontier AI models have sharply accelerated the pace at which attackers can identify and exploit software vulnerabilities.
The company has joined Project Glasswing, a security initiative with Anthropic and other technology firms focused on protecting critical software infrastructure. IBM also expanded its broader AI security efforts this week, including new tools designed to automate vulnerability detection and response.
“Through this work, we’ve been hardening our own products, contributing fixes back to open source, and sharing findings and best practices with other participants,” Jamie Thomas, Chief Client Innovation Officer and Enterprise Security Executive at IBM, wrote in a blog post. “This reflects a broader, sustained approach to building resilience against rapidly evolving AI-driven threats.”
Project Glasswing brings together AI companies, software makers and cybersecurity firms to find vulnerabilities in widely used software before attackers do. The group shares research, coordinates fixes and helps push security patches into open-source projects used across the tech industry.
Pressure on security teams has mounted over the past year as generative AI systems have become more capable of analyzing software code and mapping out attack paths. The 2026 Threat Intelligence Index found a 44% year-over-year increase in the exploitation of public-facing applications, with adversaries aided by AI in their discovery and compromise of software vulnerabilities.
“The fundamental change is that the frontier model AI capabilities are allowing security vulnerabilities to be discovered, chained together and exploit paths developed,” Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM, told IBM Think in an interview. “The ability now for these models to discover and work out how to exploit vulnerabilities has massively shortened.”
Researchers and tech leaders use the term “frontier models” to describe advanced generative AI systems capable of coding, reasoning and software analysis.
Collaboration between AI companies and software vendors has become increasingly important as attack timelines compress, Hughes noted. “You need AI model companies, software vendors and security firms working together in a coordinated way so organizations can identify vulnerabilities and actually respond to them,” he added.
Technology companies have increasingly turned to AI systems to defend against AI-powered attacks.
IBM said it has started integrating AI systems into vulnerability analysis, remediation prioritization, software testing and response coordination. The company also said it uses AI code assistants to automate portions of testing and patch management workflows.
“IBM takes a multi-model approach to security,” Thomas wrote in the blog post. “We’ve applied AI models, including frontier models such as Claude’s Mythos Preview to these capabilities across our defenses.”
Claude’s Mythos belongs to a new category of AI systems designed for cybersecurity analysis. Security-focused models can help researchers identify vulnerabilities, analyze malware and simulate attacks against enterprise environments.
Hughes said AI has dramatically shortened the window between vulnerability disclosure and exploitation.
“The time [it took] to exploit published vulnerabilities a year ago was 23 days on average,” Hughes added. “Now, using some of these frontier models, that’s gone down to nine hours. So this is real.”
IBM said companies need to automate more of the vulnerability-response process as attacks become more sophisticated. The company also pointed to zero trust security systems, which continuously verify users and devices instead of assuming anything inside a network is automatically safe.
Another piece of the strategy involves IBM Autonomous Security, a platform that uses AI agents to automate parts of threat detection and response.
“It won’t be simply a question of waiting for a patch to appear,” Hughes said. “A lot of the response here is about making sure that the existing security controls now operate much more effectively and much faster than they have done before.”