IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
Project Lightwell is designed to fix vulnerabilities without breaking what is already in production. The post IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell” appeared first on SecurityWeek.
IBM and its subsidiary Red Hat announced Project Lightwell on Thursday, a joint initiative backed by a $5 billion investment and a workforce of more than 20,000 engineers. The project is designed to address the growing operational risks facing corporate digital infrastructure by systematically securing open source software across enterprise supply chains.
At the core of the initiative is the establishment of an “enterprise clearinghouse” that leverages artificial intelligence to scale software security. The system will use AI to identify, triage, prioritize, and validate vulnerabilities and fixes across open source code bases. Engineers involved in the project will focus their efforts on active upstream maintenance alongside open source community leaders, high-volume AI-assisted vulnerability reviews, and the development of secure patches and release engineering.
The resulting validated patches, capabilities, and lifecycle management features will be delivered to enterprises through commercial software subscriptions. The initiative builds on IBM and Red Hat’s existing commercial open source ecosystem, which currently handles lifecycle management and validation for major enterprise platforms such as Linux, Java, Kubernetes, Kafka, Ansible, Terraform, Flink, and Cassandra.
