IBM, Red Hat Commit $5 Billion to Open Source Security With 20,000 Engineers
Updated · IBM Newsroom · May 28
$5 billion Project Lightwell will create a trusted clearinghouse that helps enterprises identify, validate and patch open source vulnerabilities across software supply chains.
More than 20,000 engineers, backed by frontier AI, will handle vulnerability triage, secure patch development and upstream maintenance as AI speeds both discovery and exploitation of flaws.
11 major financial firms — including Bank of America, Goldman Sachs, JPMorganChase and Visa — are already working with IBM and Red Hat as early adopters shaping the model.
The push targets a broad enterprise dependency base: more than 90% of Fortune 500 companies use open source software, while IBM says it already relies on over 62,000 open source packages.
Securing the Software Supply Chain: Inside IBM’s $5 Billion Project Lightwell for Open Source Security
Overview
IBM launched Project Lightwell on May 28, 2026, as a major initiative to strengthen open source security. Building on lessons from earlier industry projects, Lightwell introduces an innovative clearinghouse model that helps enterprises manage and secure their software supply chains. Through commercial subscriptions, organizations can access a streamlined process to directly integrate validated security patches into their existing systems. This approach not only improves the security posture of enterprises but also represents a strategic effort by IBM to address the growing challenges in open source software security.