IBM invests $5 billion to protect open-source software from AI threats, CEO Arvind Krishna says it was due to Anthropic’s Mythos that …

International Business Machines (IBM) has announced a $5 billion cybersecurity initiative called Project Lightwell, aimed at protecting open-source software from highly advanced AI threats. The company has roped in its subsidiary Red Hat and the project is backed by a global force of more than 20,000 engineers. According to IBM CEO Arvind Krishna, the catalyst for this enormous investment was the capability of Anthropic’s powerful AI model, Mythos that found vulnerabilities in software, and worried banks and governments worldwide. “Mythos was the critical triggering factor on this,” Krishna revealed in an exclusive interview with CNBC, noting that advanced large language models are “remarkably adept at finding vulnerabilities” and exploiting security gaps in both proprietary and open-source code.Open-source software is incredibly popular among major corporations because it is cost-effective and easy to access. However, its open nature also makes it a prime target for AI-driven cyberattacks. Recognising this risk, some of the biggest financial institutions in the United States have already signed on as early adopters of Project Lightwell. The roster includes banking giants Goldman Sachs, Morgan Stanley, JPMorgan and Bank of America.“They will use the latest tools to figure out where they might have a vulnerability and where there isn’t a patch that is already available,” Krishna explained.To combat the fast-moving AI threats, IBM is pulling in Red Hat to help anchor the project. Together, the companies are dedicating a force of 20,000 software engineers to help partners secure their software code.The urgency behind Project Lightwell stems from IBM's involvement in Project Glasswing – a separate cybersecurity initiative that is currently previewing Anthropic's Mythos model before its widespread public release. Tech and security leaders have had early access to the model, and had multiple meetings to discuss how to defend against the unique cyber threats exposed by Mythos.Despite the push, Krishna stated that he does not view traditional, incumbent cybersecurity firms as rivals. Instead, he sees Project Lightwell as a vital missing piece to the broader security puzzle.“They’re great at protecting the perimeter, they’re great at figuring out what’s going on, but they don’t do patching and they don’t do the protection of other software. So this, I think, is a great complement to what they do,” Krishna said regarding existing cybersecurity companies.