A day after Google made headlines with its Threat Defense AI cybersecurity tool, IBM stepped into the global digital infrastructure space with a massive investment of $5 billion cybersecurity initiative. Called the ‘Project Lightwell’, the project is essentially a push to secure global digital infrastructure against rapidly escalating threats from AI.
Project Lightwell is a massive undertaking designed to safeguard open-source software from highly advanced, AI-driven cyber threats capable of automated vulnerability exploitation.
According to IBM CEO Arvind Krishna, the primary reason behind the multi-billion-dollar investment was the alarming capability of Anthropic’s upcoming next-generation AI model, Mythos.
During early evaluation of Claude Mythos, which was released to select infrastructure firms and institutions, the ‘dangerous’ model demonstrated an unprecedented aptitude for locating deep-seated flaws in software code, sending shockwaves through global banking systems and government agencies.
“Mythos was the critical triggering factor on this,” Krishna revealed in an interview with CNBC. He added that advanced large language models (LLMs) are “remarkably adept at finding vulnerabilities” and weaponising security gaps in both proprietary and open-source infrastructure.
Wall Street names are IBM’s early customers
Recognising the severe risk to the global financial system, some of the largest financial institutions in the United States have signed on as early adopters of Project Lightwell. The initial roster includes banking titans like JPMorgan Chase, Goldman Sachs, Morgan Stanley, and Bank of America.
“They will use the latest tools to figure out where they might have a vulnerability and where there isn’t a patch that is already available,” Krishna noted.
Note that most institutions utilise open-source software, which eventually forms the foundational backbone of modern corporate infrastructure. While many may question the logic behind it, companies choose the open-source platforms due to their accessibility and cost-efficiency. However, the transparent and public-facing architecture also leaves it highly vulnerable to AI-powered scanners that can discover and attack zero-day flaws instantly.
With 20,000 engineers, IBM wants to patch the gaps
To neutralise fast-moving AI threats before they can be exploited maliciously, IBM is heavily leaning on its open-source subsidiary, Red Hat. Both tech giants are mobilising a massive global force of more than 20,000 software engineers dedicated to helping corporate and institutional partners secure and patch their active software pipelines.
Despite entering the cybersecurity arena with significant financial backing, Krishna clarified that IBM does not view legacy or incumbent cybersecurity firms as rivals. Rather, he envisions Project Lightwell as an essential layer addressing a critical gap in the current market.
“They’re great at protecting the perimeter, they’re great at figuring out what’s going on, but they don’t do patching, and they don’t do the protection of other software,” Krishna explained regarding traditional cybersecurity vendors. “So this, I think, is a great complement to what they do.”
The immediate urgency behind Project Lightwell came up through IBM’s involvement in Project Glasswing — a separate, restricted cybersecurity initiative set up to preview Anthropic’s Mythos model before its widespread public rollout. The raw capabilities of the model that tech leaders witnessed during these early access trials triggered immediate and high-level defensive meetings across the tech sector. They all wanted to figure out how to counter the unique defensive gaps exposed by the model.