IBM joins OpenAI cyber program for vulnerability detection

• IBM joined OpenAI’s cyber program to target software vulnerabilities.
• The service uses OpenAI tools inside client environments.

IBM has joined OpenAI’s Daybreak Cyber Partner Program and launched an application security service that uses OpenAI’s cyber capabilities to identify and validate software vulnerabilities.

The partnership gives IBM access to OpenAI’s cyber tools for use in enterprise security workflows. IBM said the tools will be deployed inside client environments to help identify risks and support remediation work.

Verizon’s 2026 Data Breach Investigations Report found that 31% of breaches now start with software vulnerabilities. The report said software flaws have overtaken stolen credentials as the most common initial access point.

Mark Hughes, global managing partner for cybersecurity services at IBM Consulting, said attackers are already using AI “to probe, exploit, and scale threats at machine speed.” He said defenders need similar capabilities, but with enterprise security and control requirements in place.

Built on Project Lightwell

The new service is built on Project Lightwell, an IBM and Red Hat initiative backed by a $5 billion commitment. The project is intended to support open source software security through engineering resources and AI tools.

IBM and Red Hat said Project Lightwell is backed by more than 20,000 engineers and is focused on open source software security across development and production environments. Reuters reported that Project Lightwell seeks to create a clearinghouse for open source security.

Reuters said companies will be able to confidentially report security flaws, receive tested fixes, and share those fixes with the broader open source community.

Project Lightwell will use OpenAI’s cyber capabilities alongside other frontier AI models for code review and remediation.

Inside the client environment

IBM said the application security service uses AI-driven analysis to assess application code and prioritise areas with higher potential for flaws. The service is also designed to identify potential exploitable paths.

The service is powered by IBM Consulting Advantage, the company’s AI platform for consulting services. IBM said the platform connects client application environments to AI tools using security and governance controls.

IBM said the service operates within a client’s environment with read-only access to code repositories and bounded execution. The setup is intended to support large-scale exposure analysis without moving code outside the client environment.

Clients can begin with focused evaluations of selected applications. IBM said the service can later expand to continuous monitoring as code changes and new threats emerge.

OpenAI describes Daybreak as a cybersecurity effort focused on helping defenders find and validate vulnerabilities before they are exploited. The program also supports remediation work.

Dane Stuckey, OpenAI’s chief information security officer, said the program is focused on applying frontier models to defensive security workflows. He said the work is aimed at enterprises, governments, and other organisations.

IBM said the new application security service is available immediately, with additional integrations planned through the OpenAI Daybreak Cyber Partner Program.

IBM shares rose 3.6% in after-hours trading following the announcement.

Want to experience the full spectrum of enterprise technology innovation? Join TechEx in Amsterdam, California, and London. Covering AI, Big Data, Cyber Security, IoT, Digital Transformation, Intelligent Automation, Edge Computing, and Data Centres, TechEx brings together global leaders to share real-world use cases and in-depth insights. Click here for more information.