IBM, Red Hat Launch $5 Billion Lightwell Services to Patch Open-Source AI Threats
Updated
Updated · ZDNet · Jul 8
IBM, Red Hat Launch $5 Billion Lightwell Services to Patch Open-Source AI Threats
2 articles · Updated · ZDNet · Jul 8
Summary
Lightwell Network is now generally available and Lightwell Clearinghouse Premier has entered limited onboarding, turning IBM and Red Hat’s open-source defense project into enterprise security services.
The $5 billion effort uses generative AI plus 20,000 engineers to find vulnerabilities, validate fixes and backport patches directly to long-lived software versions, aiming to counter what the companies call “$50 AI-generated exploits.”
Lightwell Network delivers signed binaries, source code and SBOM compliance artifacts into existing pipelines, while Clearinghouse Premier starts with financial-services customers handling embargoed vulnerabilities and targeted remediations.
IBM and Red Hat are positioning Lightwell against a broader wave of AI-era open-source defense efforts, including the Linux Foundation’s Akrites and Chainguard’s Athena coalition, which says it has processed 40,000 findings and generated 2,000 patches across 500 projects.
Will AI security services create a new class of protected software, leaving the rest of open-source more vulnerable?
As AI battles AI in cyberspace, can any single company truly secure the vast open-source ecosystem?
Project Lightwell: IBM and Red Hat Launch $5 Billion AI-Era Initiative to Secure Open Source Software
Overview
Project Lightwell, recently launched by IBM and Red Hat, is a major initiative designed to tackle the growing security risks in open-source software, especially as AI becomes more integrated into technology. With the increasing reliance on open-source components in modern development, Lightwell aims to build a robust trust infrastructure and enhance the security of the software supply chain. The project expands with new offerings and focuses on ensuring reliability and trustworthiness for AI-era open source, addressing the urgent need for stronger protection as digital systems evolve.