News

IBM Expands AI Security Push as Cybersecurity Industry Grapples With Autonomous Threats

• By John K. Waters
• 05/20/2026

IBM on Monday announced an expanded portfolio of AI-powered cybersecurity products, positioning the company to compete more aggressively in a rapidly evolving market where enterprises are increasingly turning to artificial intelligence to defend against automated cyber threats.

The company said the new offerings are designed to help organizations improve threat detection, automate parts of security operations, and strengthen vulnerability management as cyberattacks become more sophisticated and harder to contain.

IBM said its security portfolio is also being strengthened through ongoing work connected to Project Glasswing, an industry initiative launched by Anthropic earlier this year to identify and fix critical software vulnerabilities using frontier AI systems.

Project Glasswing has drawn participation from companies and organizations, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, and the Linux Foundation.

According to Anthropic, the initiative gives selected organizations access to advanced AI models capable of identifying software vulnerabilities at a scale that human security teams struggle to match.

The broader cybersecurity industry has increasingly warned that advances in generative AI could simultaneously accelerate both cyber defense and cyber offense.

In April, CyberScoop reported that Project Glasswing was created partly in response to growing concerns that highly capable AI systems could uncover previously undetected software vulnerabilities faster than organizations can patch them.

Anthropic said the initiative was intended to help defenders “get ahead” of emerging AI-driven cyber risks by allowing technology companies and security organizations to identify vulnerabilities before malicious actors exploit them.

IBM’s announcement comes as major cybersecurity vendors race to integrate AI more deeply into enterprise security operations.

In a recent security blog post, Microsoft noted that frontier AI models are changing how organizations approach vulnerability detection, prioritization, and remediation. The company said AI-assisted systems could help security teams identify exploit chains and accelerate defensive responses at enterprise scale.

Industry analysts say the shift reflects growing concern that increasingly capable AI systems may eventually automate portions of offensive cybersecurity activity, including vulnerability discovery and exploit generation.

A report published last month by the Cloud Security Alliance described Project Glasswing as evidence that frontier AI models are beginning to autonomously discover high-severity vulnerabilities across major operating systems and software platforms.

At the same time, companies are increasingly viewing AI-powered cybersecurity as a commercial opportunity.

IBM said its latest offerings are designed to help enterprises manage increasingly complex hybrid cloud environments while reducing operational burdens on security teams. The company has invested heavily in AI infrastructure and enterprise AI products in recent years as part of a broader effort to expand its position in generative AI services and enterprise automation.

Researchers and security executives have cautioned, however, that the growing use of AI in cybersecurity also raises governance and oversight concerns.

Analysts say organizations adopting AI-driven security systems will likely face increasing pressure to ensure automated tools remain transparent, auditable, and resistant to manipulation.

Despite those concerns, investment in AI-powered cybersecurity continues to accelerate as enterprises confront mounting ransomware attacks, expanding cloud infrastructure, and persistent shortages of experienced cybersecurity professionals.

For large technology companies, the race is no longer simply about building stronger AI systems. It is increasingly about determining whether artificial intelligence ultimately shifts the balance of power toward cyber defenders or attackers.