Putting frontier AI to work to strengthen defenses

As AI accelerates cyberattacks, the biggest risk for enterprises is no longer whether vulnerabilities will be found, but how quickly organizations can respond.

Frontier models are shrinking attacks that once took weeks into days or hours, while most security teams continue to operate through layers of manual reviews and approvals.

Closing that growing gap requires technology and ecosystem collaboration. That’s one reason IBM has been participating in Project Glasswing, an industry effort to protect critical software from AI-driven threats.

Through this work, we’ve been hardening our own products, contributing fixes back to open source, and sharing findings and best practices with other participants. This reflects a broader, sustained approach to building resilience against rapidly evolving AI-driven threats.

Building resilient AI defenses

As attackers increasingly use AI to speed up and scale cyberattacks, security teams are beginning to deploy frontier models of their own. One example is Claude’s Mythos Preview, a security-focused version of Claude designed to help identify and analyze software vulnerabilities.

IBM takes a multi-model approach to security, evaluating and deploying a mix of both traditional and AI-enabled tools based on their effectiveness, governance and risk controls. We’ve applied AI models, including frontier models such as Claude’s Mythos Preview, to these capabilities across our defenses. For example:

  • Detection and analysis. IBM is introducing AI to assist in identifying and prioritizing critical threats. Our goal is to reduce the time between detection and remediation as attackers automate more of the threat chain.
  • Software lifecycle integration. IBM is working to embed AI-assisted capabilities across our software lifecycle to improve vulnerability assessment, software analysis, remediation prioritization and response coordination. A key focus is on leveraging AI code assistants, such as IBM Bob, for automated testing and test harness automation, enabling faster remediation through accelerated testing.
  • Vulnerability remediation. We use both traditional industry-standard and AI tools to automatically triage and remediate vulnerabilities. The program incorporates newer AI tools, alongside more traditional software composition analysis, static and dynamic analysis, as well as scanners for images, secrets and other potential risks.

IBM’s approach still centers on core principles such as centralized governance, coordinated PSIRT processes, automated testing, engineering oversight and risk-based remediation. But we’re now weaving AI into each of those areas to keep pace with the ever-evolving threat landscape.

Actions companies can take today

As AI accelerates the pace and sophistication of cyberattacks, foundational security practices are even more critical.

Here’s how organizations can get started.

  1. Reinforce zero trust architectures. Faster, more automated attacks reinforce the need for a zero-trust approach. At its core, zero trust recognizes that being protected does not mean being secure. Security cannot be assumed, which is why leading organizations operate with an “assumed breach” mindset. This approach assumes that identities, devices or networks may already be compromised and relies on continuous verification, using AI and analytics to validate access between users, data and applications in real time.
  2. Keep software current. Maintaining up-to-date systems is essential as attackers accelerate the exploitation of known vulnerabilities. Organizations running outdated software or with aging infrastructure estates often struggle to deploy fixes or mitigations quickly enough to reduce exposure, creating a widening gap between vulnerability discovery and remediation.
  3. Automate patch management. In an environment where vulnerabilities are identified faster than ever, the ability to assess, prioritize and deploy patches quickly is now a core security necessity. Organizations that treat patching as a continuous, risk-based process are better positioned to reduce exposure without disrupting operations.
  4. Report vulnerabilities. Should a client identify a vulnerability themselves, they should not hesitate to report it to their vendors, whether IBM or others. For IBM, vulnerabilities can be cross-referenced and, if necessary, reported as described on the IBM Trust Center.

We will continue sharing findings, fixes and best practices with the open-source community and the broader ecosystem to help strengthen collective defenses against rapidly evolving threats.

Jamie Thomas

Chief Client Innovation Officer, Enterprise Security Executive

IBM
