IBM expands AI security program

IBM said Tuesday it is expanding its enterprise AI security program and tying that effort to Anthropic’s Project Glasswing, a broader industry initiative aimed at defending critical software infrastructure. The company said the expansion brings together IBM Concert, Secure Coder, IBM Consulting and an autonomous security service as customers move AI systems into production across applications, infrastructure and networks. (newsroom.ibm.com) Anthropic launched Project Glasswing on April 7, describing it as an effort to secure critical software with early access to Claude Mythos Preview, a model the company says is unusually capable at cybersecurity tasks. (anthropic.com) The announcement places IBM inside a growing group of large technology and security companies working on model-era cyber defense. (newsroom.ibm.com) Anthropic says Glasswing’s launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA and Palo Alto Networks, and that it has also extended access to more than 40 additional organizations that build or maintain critical software infrastructure. ### What exactly did IBM announce on May 19? IBM said May 19 that it had expanded “its enterprise security program for the AI era” and was partnering with Anthropic as a member of Project Glasswing. In the same release, IBM said it is putting a set of AI security products and services in front of clients as attackers use frontier AI for reconnaissance, vulnerability discovery and exploitation. (newsroom.ibm.com) Rob Thomas, IBM’s senior vice president for software and chief commercial officer, said AI-powered attacks have “already moved beyond what traditional defenses can match.” Thomas said IBM is using Project Glasswing work both to help clients assess exposure and to harden IBM’s own products while contributing fixes back to the open-source community. (anthropic.com) ### What is Project Glasswing, and why is Anthropic involved? Anthropic said Project Glasswing is an initiative to secure “the world’s most critical software for the AI era.” The company said the program gives defenders early access to Claude Mythos Preview and is meant to let participating organizations use that model in defensive security work while Anthropic shares lessons with the wider industry. (newsroom.ibm.com) Anthropic said it committed up to $100 million in usage credits and $4 million in donations to open-source security organizations to support the work. The company said no single organization can handle the shift alone and described the effort as a coordinated response involving model developers, software companies, security researchers, open-source maintainers and governments. (newsroom.ibm.com) ### What tools is IBM putting into this program? IBM said IBM Concert uses AI to help organizations find and fix vulnerabilities by combining application, infrastructure and network signals into a single operational view. The company said Concert Secure Coder extends those capabilities into a developer’s integrated development environment, where it can detect and prioritize risks and generate remediations as code is written. (anthropic.com) IBM also said IBM Consulting will help clients redesign vulnerability and open-source management for shorter response timelines, and that IBM Autonomous Security will provide coordinated detection, decision-making and response through a multi-agent service. IBM said Red Hat’s open-source role is part of the broader effort to reduce risks tied to unsupported code. (anthropic.com) ### Why are companies treating this as urgent now? Anthropic said on April 7 that Claude Mythos Preview had shown an ability to identify and exploit zero-day vulnerabilities in every major operating system and every major web browser during testing. The company said more than 99% of the vulnerabilities it found had not yet been patched, which is why it was limiting disclosure and restricting release. (newsroom.ibm.com) IBM said Tuesday that attackers are already using frontier AI across the attack lifecycle, from reconnaissance to exploitation. That framing — and IBM’s decision to connect customer-facing security products to Glasswing — shows how large vendors are packaging AI security as an operational issue spanning code, infrastructure and production systems. That characterization is based on the companies’ announcements and product descriptions. (newsroom.ibm.com) ### What comes next for customers and participants? IBM said the expanded portfolio is available to clients now through its security products, consulting arm and business partners. Anthropic said Glasswing participants will keep using Claude Mythos Preview in defensive security work and that the company will continue sharing what it learns with the broader industry, alongside support for open-source security groups. (red.anthropic.com) (newsroom.ibm.com)