IBM Joins OpenAI's Daybreak Cyber Partner Program

IBM has joined the OpenAI Daybreak Cyber Partner Program and has launched an application security service that integrates OpenAI's frontier models into companies' defense operations. The service is already available and is accompanied by a significant second announcement: Project Lightwell, supported by a $5 billion commitment from IBM and Red Hat.

The core of the offering is an application security service that leverages the cyber capabilities of OpenAI models to identify and validate software vulnerabilities with greater speed and accuracy, going beyond traditional code scanning.

Delivery is facilitated through IBM Consulting Advantage, which connects the client's application environment to the AI models in a controlled and governed manner. Access to code repositories is read-only, and execution is confined: the AI examines the software without the ability to modify it. Further integrations are expected under the Daybreak program.

The rationale behind the move is summarized by Mark Hughes, Global Managing Partner Cybersecurity Services at IBM Consulting: "Attackers are already using AI to probe, exploit, and escalate threats at machine speed. Defenders need the same advantage, with the security and control that companies require."

Project Lightwell and the Open Source Supply Chain

The second front is Project Lightwell, an enterprise security clearinghouse with engineers dedicated to patching, validating, and managing open source code along the software supply chain. The initiative is based on the $5 billion commitment from IBM and Red Hat and employs the cyber capabilities of OpenAI alongside other frontier models. The goal is to oversee the shared dependencies from which much of the enterprise software is sourced.

Dane Stuckey, Chief Information Security Officer at OpenAI, comments: "Security is central to realizing the benefits of advanced AI. Through the OpenAI Daybreak Cyber Partner Program, we collaborate with AI pioneers like IBM to use frontier models to accelerate defensive security workflows, supporting companies, governments, and other organizations as they identify risks, enhance resilience, improve security, and ultimately adopt AI with the confidence, controls, and compliance their environments require."

A Race Against Time

The timing aligns with a warning issued by the intelligence agencies of the Five Eyes alliance, which in a joint notice cautioned that frontier AI models will transform offensive and defensive cyber capabilities within a matter of months, not years. According to the agencies, AI lowers the barriers for malicious actors and compresses the window between the discovery of a vulnerability and its exploitation, from weeks to days or even hours.