International Business Machines (IBM) has unveiled a $5 billion cybersecurity initiative named Project Lightwell, designed to safeguard open-source software against sophisticated artificial intelligence threats. The company has enlisted its subsidiary Red Hat to support the project, which is backed by a global force of over 20,000 engineers.
Catalyst for the Investment
According to IBM CEO Arvind Krishna, the driving force behind this massive investment was the capability of Anthropic's powerful AI model, Mythos, which identified vulnerabilities in software and raised concerns among banks and governments worldwide. "Mythos was the critical triggering factor on this," Krishna revealed in an exclusive interview with CNBC. He noted that advanced large language models are "remarkably adept at finding vulnerabilities" and exploiting security gaps in both proprietary and open-source code.
Wall Street Banks Join Early
Open-source software is widely used by major corporations due to its cost-effectiveness and accessibility. However, its open nature also makes it a prime target for AI-driven cyberattacks. Recognizing this risk, several major U.S. financial institutions have signed on as early adopters of Project Lightwell. The roster includes banking giants Goldman Sachs, Morgan Stanley, JPMorgan, and Bank of America. "They will use the latest tools to figure out where they might have a vulnerability and where there isn’t a patch that is already available," Krishna explained.
20,000 Engineers Deployed
To combat fast-moving AI threats, IBM is leveraging Red Hat to anchor the project. Together, the companies are dedicating a force of 20,000 software engineers to help partners secure their software code. The urgency behind Project Lightwell stems from IBM's involvement in Project Glasswing, a separate cybersecurity initiative currently previewing Anthropic's Mythos model before its widespread public release. Tech and security leaders have had early access to the model and held multiple meetings to discuss defense strategies against the unique cyber threats exposed by Mythos.
Complementary to Existing Cybersecurity
Despite the push, Krishna stated that he does not view traditional, incumbent cybersecurity firms as rivals. Instead, he sees Project Lightwell as a vital missing piece of the broader security puzzle. "They’re great at protecting the perimeter, they’re great at figuring out what’s going on, but they don’t do patching and they don’t do the protection of other software. So this, I think, is a great complement to what they do," Krishna said regarding existing cybersecurity companies.
