IBM and Red Hat are collaborating on Project Lightwell, a $5 billion commitment backed by new frontier AI capabilities and a global force of more than 20,000 engineers to help enterprises secure open source software.
Together, these investments will establish a new model for enterprise use of open source software, from upstream development through production environments, according to the companies.
Project Lightwell will create a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale. The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to validate and test fixes across an unprecedented volume of open source code. These capabilities will be offered through commercial subscriptions, allowing enterprises to integrate secure patches directly into their existing software supply chains with enterprise-grade validation and lifecycle management, IBM and Red Hat said.
IBM and Red Hat have already begun collaborating with a select group of early adopters on Project Lightwell, including Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa, and Wells Fargo.
The real-world insights from these initial deployments will actively shape how vulnerabilities are identified, validated, and remediated at scale across complex software supply chains, the companies said.
According to the companies, Project Lightwell builds on IBM and Red Hat’s leadership in open source, enterprise AI, and security, and incorporates learnings from initiatives such as Anthropic’s Project Glasswing and OpenAI’s Trust Access for Cyber. Its goal is to use new IBM agentic security methods to protect the foundational open source layers that underpin modern enterprise and AI systems.
“Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” said Arvind Krishna, chairman and CEO, IBM. “With Project Lightwell, IBM and Red Hat are helping define a new industry model, one that brings together AI, engineering expertise, and trusted collaboration, to secure open source software at its source and across the entire supply chain. This is about strengthening trust in the systems that power business, government, and society.”
Project Lightwell builds on IBM and Red Hat’s proven enterprise open source model, extending it beyond their traditional product footprint. Now, IBM and Red Hat are applying the same engineering discipline to the broader application landscape, including independent libraries, language toolchains, AI frameworks, and data streaming platforms.
This approach directly addresses the operational vulnerabilities enterprises face when managing independent open source code on their own.
For more information about this news, visit www.ibm.com.