The AI cyber arms race is moving from lab hype to enterprise sales motion. IBM on Wednesday launched new security services aimed at attacks powered by frontier AI models, joining a fast-growing push by vendors to sell defenses built for machine-speed threats.
IBM’s move matters less because it unveiled something entirely new than because it shows where the market is heading. McKinsey says cybersecurity is now a roughly $220 billion market, and the next phase of growth will come less from brand-new categories than from rebuilding core layers such as identity, detection and security operations to absorb AI.
One part of IBM’s launch comes from IBM Consulting, not a boxed product. The company said it is offering a new cybersecurity assessment to help enterprises gauge how exposed they are to “agentic enabled” threats. IBM said the service will map security gaps, policy weaknesses, AI-specific exposures and likely exploit paths, then deliver mitigation guidance with help from technology partners.
The second piece is IBM Autonomous Security, which IBM describes as a multi-agent service that works across a customer’s security stack. The company said it uses coordinated AI agents to analyze exposures, understand exploit paths, enforce policies, detect anomalies and contain threats with less human intervention. IBM is pitching that as a way to cut exposure windows and speed containment.
IBM is not entering a quiet field of AI-driven continuous cyber threat detection. CrowdStrike used RSA 2026 to launch Agentic MDR, arguing that AI-enabled adversaries rose 89% year over year while average eCrime breakout time fell to 29 minutes. IBM’s angle is broader and more services-heavy: less a managed detection play than a bet that large enterprises will need consulting plus cross-stack automation to prepare for autonomous attacks.
That contrast is an inference based on the two companies’ launch materials. The timing also is not accidental. IBM’s launch lands a week after Anthropic introduced Mythos and a day after OpenAI unveiled GPT-5.4-Cyber, two releases that pushed AI-driven cyber risk into mainstream security debate. Reuters reported that Anthropic said Mythos could identify and exploit weaknesses across major operating systems and browsers, and that OpenAI answered with a cyber-focused model of its own for vetted defenders.
That gives IBM a sharper reason to make noise now regardfing ai-driven cyber threats in 2026. The company is trying to position itself as a large-enterprise integrator for the next security cycle, one where buyers may worry less about whether AI can speed attacks and more about whether their current tools and workflows can keep up.
