IBM has announced an expansion of its enterprise security programme alongside its participation in Project Glasswing, an industry initiative led by Anthropic, the AI company behind the Claude model, that brings together technology and security companies to identify and remediate vulnerabilities in widely used software infrastructure. IBM said it has already been finding and fixing vulnerabilities in common software components through the initiative and contributing those fixes back to the open-source community through coordinated disclosure and upstream patches.
The security expansion centres on IBM Concert, a product that uses AI to aggregate signals from applications, infrastructure and network systems into a single operational view and help organisations identify and address vulnerabilities before they are exploited. Rather than monitoring each layer separately, Concert correlates data across them to prioritise which vulnerabilities pose the greatest business risk. The product includes a developer-facing component called IBM Concert Secure Coder, which operates inside the developer's code editor to detect security risks as code is being written, prioritise them by potential business impact and generate automatic fixes before the code reaches production.
On the services side, IBM Consulting is offering what it calls Autonomous Security, a service that uses multiple AI agents working together to handle detection, decision-making and response at machine speed. The service is designed for organisations facing AI-accelerated attacks, where the speed of attackers' reconnaissance, vulnerability discovery and exploitation has compressed the time available for human-led response. IBM is delivering the service through its own team and through business partners.
The third component involves IBM and Red Hat's work on open-source security. Many enterprise systems rely on open-source components that may no longer be actively maintained by their original developers. IBM and Red Hat maintain enterprise-grade versions of widely used open-source software and contribute fixes proactively, which means that when a vulnerability is discovered in an open-source component, the companies can issue patches to their customers without waiting for community-driven fixes. The Glasswing participation extends this practice by sharing findings across the initiative's members.
"AI-powered attacks have already moved beyond what traditional defenses can match. We're helping clients assess their exposure and putting tools like IBM Concert to work in more environments. Separately, as part of Project Glasswing, we've been hardening our own products and contributing fixes back to the open-source community. The collaboration makes the entire ecosystem stronger," said Rob Thomas, SVP Software & Chief Commercial Officer, IBM.
The announcement positions IBM's security strategy around three layers operating simultaneously. Concert provides the detection and prioritisation tooling. Consulting and Autonomous Security provide the operational response capacity. And the Red Hat and Glasswing work addresses the supply chain risk embedded in the open-source dependencies that most enterprise software relies on. IBM framed the approach as a response to attackers using AI to accelerate every phase of an attack, from initial reconnaissance through exploitation, which reduces the window that defenders have to detect and respond.