Technology companies have increasingly turned to AI systems to defend against AI-powered attacks.
IBM said it has started integrating AI systems into vulnerability analysis, remediation prioritization, software testing and response coordination. The company also said it uses AI code assistants to automate portions of testing and patch management workflows.
“IBM takes a multi-model approach to security,” Thomas wrote in the blog post. “We’ve applied AI models, including frontier models such as Claude’s Mythos Preview to these capabilities across our defenses.”
Claude’s Mythos belongs to a new category of AI systems designed for cybersecurity analysis. Security-focused models can help researchers identify vulnerabilities, analyze malware and simulate attacks against enterprise environments.
Hughes said AI has dramatically shortened the window between vulnerability disclosure and exploitation.
“The time [it took] to exploit published vulnerabilities a year ago was 23 days on average,” Hughes added. “Now, using some of these frontier models, that’s gone down to nine hours. So this is real.”
IBM said companies need to automate more of the vulnerability-response process as attacks become more sophisticated. The company also pointed to zero trust security systems, which continuously verify users and devices instead of assuming anything inside a network is automatically safe.
Another piece of the strategy involves IBM Autonomous Security, a platform that uses AI agents to automate parts of threat detection and response.
“It won’t be simply a question of waiting for a patch to appear,” Hughes said. “A lot of the response here is about making sure that the existing security controls now operate much more effectively and much faster than they have done before.”