Exclusive: IBM launches $5 billion AI push to combat cyber threats
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Allie Carl/Axios
IBM is investing $5 billion and deploying more than 20,000 engineers to help secure open source software, according to an announcement shared first with Axios.
Why it matters: AI is supercharging cyberattacks, pushing companies to adopt the same technology to defend against threats.
Driving the news: "Project Lightwell" — the new initiative by IBM and Red Hat, its open source software subsidiary — uses frontier AI capabilities to establish a "clearinghouse" to identify and fix vulnerabilities at scale.
IBM and Red Hat's new "Project Lightwell" uses frontier AI capabilities to establish a "clearinghouse" to identify and fix vulnerabilities at scale.
- Bank of America, JPMorganChase, Visa, Mastercard, Wells Fargo and Morgan Stanley are early adopters of the platform.
How it works: Red Hat's cyber tools have focused on software running within Red Hat platforms.
- Project Lightwell expands those protections to a broader set of open source technologies, including AI frameworks, coding libraries and data streaming platforms such as Apache Kafka.
- Part of the $5 billion is going toward the 20,000 engineers, who are all current IBM employees and will be dedicated to the project full-time.
What we're watching: IBM CEO Arvind Krishna said he expects the government to be very interested in a solution like Project Lightwell: "We believe that at least some people in the government are looking for the private sector to step up with an answer like this."
- "Over the last few weeks, ever since Mythos came out, there have been a lot of conversations with very senior levels of the government. We did put forward that something like this could be one of the potential responses, so that has been discussed," Krishna said.
- The White House last week pulled an AI executive order following internal disagreements over how exactly to address cybersecurity fears and to what extent AI should be regulated.
- Krishna said he also expects the project to expand beyond the financial sector in a matter of days or weeks, not months.
The big picture: More than 90% of Fortune 500 companies rely on open source software, while the AI boom has fueled a dramatic increase in the volume of open source code.
- AI labs are leveraging their frontier models in response: earlier this month, Anthropic said Mythos identified thousands of severe vulnerabilities.
- IBM said that it draws on work from Anthropic and OpenAI's respective cyber initiatives, Project Glasswing and Trust Access for Cyber.
- "We're coming with probably 100 times more knowledge of how to secure open source than anybody else on the planet," said Krishna.
