IBM partners with OpenAI to boost enterprise security tools

IBM moved OpenAI capabilities deeper into enterprise security on Monday, pairing a new application security service with a broader push to help companies confront fast-moving cyber threats. The announcement sent IBM shares up 3.6% in after-hours trading, according to Reuters, and underscored how quickly AI is becoming a tool for governance as much as a product feature.

The company said it joined OpenAI’s Daybreak Cyber Partner Program and will use those capabilities to help customers identify and minimize security risks more quickly. IBM said the new service goes beyond traditional code scanning by using AI-driven analysis to assess application code, prioritize the places most likely to contain flaws, and operate inside a client’s environment with read-only access to code repositories and bounded execution. The service is designed as a managed offering that can begin with focused reviews of key applications and then expand into continuous monitoring as code and threats change.

IBM tied the launch to Project Lightwell, the broader open-source security effort it announced with Red Hat on May 28, 2026. That initiative carries a $5 billion commitment from IBM and Red Hat and is backed by more than 20,000 engineers. IBM and Red Hat said Project Lightwell is meant to establish a trusted enterprise clearinghouse for open-source software and to deliver commercial subscriptions for secure patches and enterprise-grade validation across software supply chains.

The scale of that bet reflects how deeply open source runs through corporate systems. IBM and Red Hat said more than 90% of Fortune 500 companies rely on open-source software, a reality that makes security review and patch validation a major operational issue for banks, governments and large enterprises. Early collaborators on Project Lightwell include Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa and Wells Fargo.

IBM’s pitch is not only that AI can find flaws faster, but that it can do so under tighter controls than many companies are willing to accept from consumer-grade tools. Mark Hughes, IBM Consulting’s global managing partner for cybersecurity services, said attackers are already using AI to probe, exploit and scale threats at machine speed, while defenders need the same advantage with enterprise-grade security and control.

The move also signals how the market is consolidating around a smaller set of dominant AI vendors with the scale to satisfy regulated buyers. OpenAI said in its own Daybreak announcement that GPT-5.5-Cyber reached 85.6% on CyberGym, reinforcing the competition to prove that frontier models can serve as practical defenses inside enterprise workflows, not just as headline-grabbing novelties.