IBM, Red Hat Launch $5 Billion Project Lightwell for AI-Powered Open-Source Security

IBM (IBM-US) and Red Hat on Thursday announced a $5 billion investment in Project Lightwell, an initiative to strengthen open-source software supply chain security using artificial intelligence. The project will deploy roughly 20,000 engineers worldwide to build an enterprise-grade "trusted clearinghouse" that identifies, tests, and patches vulnerabilities in open-source code. The platform will operate on a commercial subscription model, allowing companies to report flaws and obtain verified fixes that integrate directly into their software supply chains. Early clients include Bank of America (BAC-US), Citigroup (C-US), Goldman Sachs (GS-US), Morgan Stanley (MS-US), Visa (V-US), and Wells Fargo (WFC-US). More than 90% of Fortune 500 companies depend on open-source software, but the rapid adoption of generative AI has made it easier for hackers to exploit vulnerabilities. IBM CEO Arvind Krishna said the project aims to establish a new industry model to enhance open-source security from source to supply chain.