IBM, Red Hat commit $5B to open-source security clearinghouse

IBM and Red Hat will invest $5 billion in Project Lightwell, an AI-backed clearinghouse that uses 20,000 engineers to validate open-source patches; major banks are early adopters.

IBM and Red Hat announced Project Lightwell, a $5 billion initiative to create a clearinghouse that secures open-source software for enterprises. The service will combine AI tools with a global workforce of 20,000 engineers to validate and deliver patches through commercial subscriptions.

The clearinghouse will act as a security coordination layer for widely used open-source components. Automated analysis will be paired with human testing and verification to produce fixes intended for enterprise environments. Customers will be able to receive vetted patches and integrate them into existing software supply chains with lifecycle tracking.

Early adopters from the financial sector include Bank of America, BNY, Citi, Goldman Sachs, JPMorgan Chase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa and Wells Fargo.

IBM and Red Hat described the effort as a joint industry initiative to provide a central point for tracking, testing and delivering remediations for vulnerabilities in open-source components used in corporate systems.

The companies cited faster vulnerability discovery and increased threats as reasons for the project. More than 90% of Fortune 500 companies use open-source software. An AI model called Mythos Preview identified about 3,900 high- or critical-severity vulnerabilities in open-source code, the firms said.

Project Lightwell will use machine learning and other AI techniques to prioritize and validate fixes. A global engineering team will perform testing and verification across affected projects. IBM and Red Hat said the service will track fixes from discovery through validation and delivery so enterprises can apply updates with reduced manual work.

Arvind Krishna, chairman and CEO of IBM, stated: “Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled. With Project Lightwell, IBM and Red Hat are helping define a new industry model, one that brings together AI, engineering expertise, and trusted collaboration, to secure open source software at its source and across the entire supply chain. This is about strengthening trust in the systems that power business, government, and society.”
