To protect corporate interests, business leaders must invest in robust AI governance to securely manage their AI infrastructure.
When evaluating enterprise software adoption, recurring patterns determine how the technology matures across industries. As Rob Thomas, IBM’s senior vice president and CCO, recently outlined, software typically moves from standalone products to platforms, and then from platforms to underlying infrastructure, completely changing management rules.
In the early stages of a product, tight corporate control often feels very advantageous. A closed development environment iterates quickly and provides tight control over the end-user experience. They capture and concentrate financial value within a single enterprise. This approach works well early in the product development cycle.
But IBM’s analysis highlights that expectations change completely once the technology solidifies at the foundational layer. As other institutional frameworks, external markets, and broader operational systems rely on the software, prevailing standards adapt to new realities. At infrastructure scale, embracing openness ceases to be an ideological position and becomes a very real necessity.
AI is now crossing this threshold within the enterprise architecture stack. Models are increasingly being built directly into how organizations secure networks, write source code, perform automated decision-making, and create commercial value. AI will serve as core operational infrastructure rather than an experimental utility.
A recent limited preview of Anthropic’s Claude Mythos model brings this reality into sharper relief for business executives managing risk. Anthropic reports that this particular model can discover and exploit software vulnerabilities at a level comparable to a small number of human experts.
In response to this force, Anthropic launched Project Glasswing, a gated initiative aimed at putting these advanced capabilities directly into the hands of network defenders for the first time. From IBM’s perspective, this development exposes technology personnel to an impending structural vulnerability. Thomas notes that when autonomous models have the ability to create exploits and shape the overall security environment, centralizing the understanding of these systems to a few technology vendors can expose them to significant operational risks.
With models achieving infrastructure status, IBM argues that the key question is no longer just what these machine learning applications can do. The priority is how to build, manage, test, and actively improve these systems over time.
As the underlying frameworks grow in complexity and importance to the enterprise, maintaining a closed development pipeline becomes extremely difficult to adhere to. No single vendor can predict all operational requirements, adversarial attack vectors, and system failure modes.
Implementing opaque AI structures creates significant friction across existing network architectures. Connecting closed, proprietary models to established enterprise vector databases or sensitive internal data lakes often creates massive troubleshooting bottlenecks. When abnormal output occurs or hallucination rates spike, the team lacks the internal visibility needed to diagnose whether the error is in the search expansion generation pipeline or in the underlying model weights.
Integrating traditional on-premises architectures with highly gated cloud models creates significant delays in daily operations. Enterprise data governance protocols strictly prohibit sending sensitive customer information to external servers, leading technology teams to attempt to delete and anonymize datasets before processing. This ongoing data sanitization creates a significant operational burden.
Additionally, the computational costs associated with continuous API calls to locked models skyrocket, undermining the precise profit margins these autonomous systems are supposed to enhance. This uncertainty prevents network engineers from accurately sizing hardware deployments and forces enterprises to enter into expensive overprovisioning agreements to maintain baseline functionality.
Why open source AI is essential for operational resiliency
Restricting access to powerful applications is a human instinct, much like vigilance. But as Thomas points out, for large infrastructures, security is typically improved not through strict obscurity, but through strict external monitoring.
This represents an enduring lesson in open source software development. Open source code does not eliminate risk for a company. Instead, IBM claims to proactively change the way organizations manage their risks. An open foundation allows a wider range of researchers, enterprise developers, and security defenders to interrogate architectures, uncover fundamental weaknesses, test basic assumptions, and harden software under real-world conditions.
In cybersecurity operations, pervasive visibility is rarely the enemy of operational resilience. In fact, visibility often serves as a strict prerequisite for achieving resilience. Technologies that are deemed extremely important tend to be more secure if more people can challenge them, validate their logic, and contribute to continuous improvement.
Thomas discusses one of the oldest misconceptions about open source technology: the idea that it necessarily commoditizes a company’s innovation. In real-world applications, open infrastructure typically pushes market competition higher up the technology stack. Open systems transfer economic value rather than destroying it.
As common digital infrastructures mature, commercial value will relocate to complex implementation, system orchestration, continuous reliability, trust mechanisms, and domain-specific expertise. IBM’s position is that the long-term commercial winners are not the companies that own the underlying technology layer, but the organizations that understand how to apply it most effectively.
We’ve seen this same pattern play out across previous generations of enterprise tools, cloud infrastructure, and operating systems. Open foundations have historically expanded developer participation, accelerated iterative improvements, and created entirely new and larger markets built on top of these base layers. Business leaders increasingly view open source as critical to infrastructure modernization and new AI capabilities. IBM predicts that AI is likely to follow exactly this historical trajectory.
Looking across the broader vendor ecosystem, leading hyperscalers are adjusting their business posture to accommodate this reality. Rather than engaging in a pure arms race to build the largest proprietary black box, profitable integrators are focusing on orchestration tools that allow enterprises to swap out the underlying open source model based on specific workload demands. Underscoring its continued leadership in this space, IBM is the primary sponsor of this year’s AI & Big Data Expo North America, where its evolving strategy for open enterprise infrastructure will be a key focus.
This approach completely avoids restrictive vendor lock-in, allows enterprises to route less demanding internal queries to a smaller, more efficient open model, and frees up expensive computing resources for complex autonomous logic for customers. By decoupling the application layer from a specific underlying model, technical personnel can maintain operational agility and protect revenue.
The future of enterprise AI requires transparent governance
Another practical reason to adopt an open model revolves around its impact on product development. IBM emphasizes that narrow access to the underlying code necessarily reduces operational visibility. In contrast, who is allowed to participate directly determines what kind of applications are ultimately built.
By providing broad access, governments, various institutions, start-ups, and various researchers can actively influence how technology evolves and where it is commercially applied. This holistic approach drives functional innovation while building structural adaptability and the necessary public legitimacy.
As Thomas argues, as autonomous AI assumes a core infrastructure role for enterprises, reliance on opacity will no longer serve as an organizing principle for system safety. The most reliable blueprint for secure software combines an open foundation with extensive external oversight, active code maintenance, and serious internal governance.
As AI permanently enters the infrastructure stage, IBM claims that the same logic will increasingly be applied directly to the underlying models themselves. The more a company relies on technology, the more openness it demands.
If these autonomous workflows are truly becoming the foundation of global commerce, transparency will no longer be a casual topic of discussion. According to IBM, this is an absolute, non-negotiable design requirement for modern enterprise architectures.
See: Why companies like Apple are building limited AI agents
Want to learn more about AI and big data from industry leaders? Check out the AI & Big Data Expos in Amsterdam, California, and London. This comprehensive event is part of TechEx and co-located with other major technology events such as Cyber Security & Cloud Expo. Click here for more information.
AI News is brought to you by TechForge Media. Learn about other upcoming enterprise technology events and webinars.
