IBM and Red Hat's $5B Project Lightwell bets on securing open source in the AI era
IBM and Red Hat have committed $5 billion and more than 20,000 engineers to Project Lightwell, an initiative to secure the open-source software that underpins enterprise IT against AI-accelerated threats. The premise: frontier models are collapsing the exploit window from weeks to hours, with one preview model reportedly flagging nearly 3,900 high- or critical-severity vulnerabilities in open source alone. Lightwell establishes a 'trusted enterprise clearinghouse' that uses AI to triage, validate and test fixes at scale, paired with upstream maintenance, dependency hardening and secure release engineering. Early adopters skew financial, including Bank of America, Citi, Goldman Sachs, JPMorganChase, Mastercard and Visa. For any organization building on open-source stacks, which is to say most of them, it is a sign that software supply-chain security is becoming an AI-vs-AI arms race, and that the provenance and patch cadence of your dependencies now deserve board-level attention.
This is a summary by our content curator. Read the original at IBM Newsroom: https://newsroom.ibm.com/2026-05-28-ibm-and-red-hat-commit-5-billion-to-redefine-the-future-of-open-source-in-the-ai-era.