IBM has signed up to OpenAI’s Daybreak Cyber Partner Program, a tie-up the company says will put frontier AI models to work inside corporate security operations.
The partnership comes with a concrete first product: a new application-security service that uses the cyber capabilities of OpenAI’s models to find and confirm software vulnerabilities faster than conventional tools manage.
The pitch, according to IBM, is that the service goes beyond traditional code scanning. Rather than flagging patterns that might be flaws, it uses the AI to reason about an application and then validate whether a suspected weakness is genuinely exploitable, which is the slow and expensive part of security work that human teams usually shoulder.
IBM said the aim is to help enterprises keep pace with threats that now move at machine speed. The promise of validation, in particular, is aimed at a chronic complaint among security teams, that conventional scanners bury them in alerts, most of which turn out to be harmless and few of which can be triaged quickly.
How the AI gets near sensitive code matters, and IBM was specific about it. The service is delivered through IBM Consulting Advantage, the company’s AI consulting-delivery platform, which connects a client’s application environment to the models in what IBM describes as a controlled, governed way.
That means operating inside the client’s own environment, with read-only access to code repositories and bounded execution, so the AI can examine software without being handed the keys to change it. The service is available now, with further integrations planned under the Daybreak program.
The launch sits alongside a larger and more expensive effort. IBM is also backing Project Lightwell, supported by a $5bn commitment from IBM and Red Hat, which the company describes as an enterprise security clearinghouse staffed by engineers to patch, validate, and manage open-source code across the software supply chain.
Lightwell draws on OpenAI’s cyber capabilities along with other frontier models, and targets the open-source dependencies that sit, often unexamined, beneath most modern software.
The timing fits a year in which AI has become a weapon as much as a shield. Google researchers recently used an AI system to surface a previously unknown zero-day, and Anthropic has reported on models capable of finding bank-grade vulnerabilities.
The same reasoning that lets a model spot a flaw for a defender can, in other hands, help an attacker find it first, which is the logic IBM is selling against.
Vendors and governments alike have been knitting together alliances to keep up. Recent months have brought NATO-aligned cyber partnerships involving the likes of Microsoft and Palo Alto Networks, and consolidation among the tooling makers, including Databricks’ purchase of Panther Labs.
IBM’s move plants one of the oldest names in enterprise computing firmly on the defensive side of that buildout, with OpenAI’s models as the engine.
What comes next is more integration. IBM said additional capabilities will roll out under the Daybreak program over time, which positions the application-security service as the opening move rather than the whole hand.
The Lightwell effort, with its larger budget and supply-chain focus, suggests the company sees the open-source layer as the harder and more consequential problem to solve.
For now, IBM has staked a claim that the AI built to write software can also be turned, at scale, to securing it.
