IBM adds Anthropic-backed AI security push

IBM expanded its AI security services and partnered with Anthropic on Project Glasswing.

IBM said on Wednesday, May 20, 2026, that it is broadening its AI security portfolio with new services aimed at detecting and responding to AI-driven cyber threats. The company also entered a partnership with Anthropic to support Project Glasswing, an effort focused on securing open-source software used in critical infrastructure.

What changed

The update adds AI-powered security services to IBM’s enterprise stack, with a focus on spotting AI-enabled attacks and speeding response. IBM framed the move as part of a broader push across consulting, software, and managed security for regulated customers.

Project Glasswing is the most concrete new piece. IBM says the effort is meant to support shared vulnerability discovery and remediation across open-source components that sit under many enterprise and infrastructure workloads.

• New AI-powered security services for threat detection and response
• Anthropic partnership tied to Project Glasswing
• Open-source software security focus for critical infrastructure
• Shared vulnerability discovery and remediation across the security community

Why it matters

For developers and security teams, the message is that AI risk is moving from theory to product planning. IBM is trying to make its security offering relevant to both AI-generated attacks and the open-source supply chain problems that can ripple through enterprise systems.

For the market, the move reinforces IBM’s pitch as a full-stack vendor for hybrid cloud, AI, and security rather than a point solution. The key test is whether these services help IBM win more compliance-heavy accounts that care about vendor responsibility for both model risk and open-source exposure.

The bigger question is whether Project Glasswing becomes a real ecosystem effort or just another partnership announcement. If IBM can show customer adoption and visible vulnerability output, it may strengthen its case with regulated buyers; if not, the update will read more as positioning than proof.