IBM and Red Hat have announced Project Lightwell, a $5 billion commitment intended to help enterprises secure open source software in the AI era. The initiative combines new frontier AI capabilities with a global team of more than 20,000 engineers to support vulnerability identification, validation, remediation, and lifecycle management across open source software supply chains. IBM and Red Hat said Project Lightwell establishes a trusted enterprise clearinghouse for open-source software, creating a security coordination layer between upstream development and production enterprise environments.

Open source software underpins much of today’s enterprise infrastructure, cloud computing, application development, and AI systems. IBM and Red Hat said more than 90% of Fortune 500 companies rely on open source software. At the same time, advances in frontier AI are accelerating vulnerability discovery and potential exploitation, increasing the need for trusted patch validation, coordinated disclosure, and production-ready remediation.

Project Lightwell is designed to address that challenge by using AI-assisted engineering workflows to validate and test fixes across large volumes of open source code. The capabilities will be offered through commercial subscriptions, allowing enterprise customers to integrate validated patches directly into existing software supply chains with enterprise-grade support, security review, and lifecycle management.


The recently announced IBM and Red Hat Project Lightwell is a $5 billion AI-era initiative designed to strengthen enterprise open source security, software supply chain protection, and trusted vulnerability remediation at scale. 

IBM and Red Hat have already begun working with a select group of early adopters on Project Lightwell, including Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa, and Wells Fargo. IBM and Red Hat said insights from those deployments will help shape how vulnerabilities are identified, validated, and remediated at scale across complex enterprise software environments.

Project Lightwell builds on IBM and Red Hat’s existing open source, enterprise AI, and security work, while incorporating lessons from broader industry initiatives focused on AI-driven cybersecurity and responsible vulnerability discovery. IBM and Red Hat said the initiative will use IBM agentic security methods to help protect foundational open source layers that support modern enterprise and AI systems.

IBM Chairman and CEO Arvind Krishna said Project Lightwell reflects an inflection point in how open source software is built, secured, and scaled in the AI era.

“Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” said Arvind Krishna, Chairman and CEO, IBM. “With Project Lightwell, IBM and Red Hat are helping define a new industry model, one that brings together AI, engineering expertise, and trusted collaboration, to secure open source software at its source and across the entire supply chain. This is about strengthening trust in the systems that power business, government, and society.”

The clearinghouse model is intended to extend IBM and Red Hat’s enterprise open source approach beyond their traditional product footprint. IBM said it already uses more than 62,000 open source packages and has deep expertise across 10,000. Across technologies including Linux, Java, Kubernetes, Kafka, Ansible, Terraform, Flink, and Cassandra, IBM and Red Hat have historically provided lifecycle management, validation, and patching for components within their platforms.

With Project Lightwell, the companies plan to apply that engineering model to a broader software landscape, including independent libraries, language toolchains, AI frameworks, and data streaming platforms. The clearinghouse will allow enterprise organizations to report sensitive security issues, receive validated patches optimized for production environments, and coordinate upstream disclosures so fixes can support broader open source communities.

IBM and Red Hat said the initiative will rely on more than 20,000 engineers augmented by advanced AI capabilities. The technical work is expected to span upstream maintenance, AI-assisted vulnerability review, triage, prioritization, secure patch development, dependency hardening, and release engineering.

The announcement reflects a broader shift in how enterprises are approaching open source risk. As AI systems become more widely embedded in enterprise workflows, open source dependencies are increasingly tied to application security, AI infrastructure resilience, digital trust, and critical system protection.

Project Lightwell supports government and enterprise priorities around securing digital infrastructure, protecting critical systems, and strengthening the resilience of open source software ecosystems. For AI-driven organizations, the initiative underscores that trustworthy AI adoption depends not only on model performance, but also on the security and reliability of the software foundations beneath enterprise systems.

About IBM

IBM is a global technology company providing hybrid cloud, AI, consulting, infrastructure, software, and security solutions to organizations across more than 175 countries. The company works with clients in sectors including financial services, telecommunications, healthcare, government, manufacturing, and other critical infrastructure markets. IBM’s portfolio includes hybrid cloud technologies, Red Hat OpenShift, enterprise AI, automation, cybersecurity, industry-specific cloud solutions, consulting services, and quantum computing research and development.

About Red Hat

Red Hat is an enterprise open source software company and an IBM subsidiary. The company provides hybrid cloud, Linux, automation, developer, AI, and application platform technologies designed to support enterprise IT environments from the data center to the edge. Red Hat’s portfolio includes Red Hat Enterprise Linux, Red Hat OpenShift, automation platforms, developer tools, and cloud-native technologies used by organizations to build, deploy, secure, and manage applications across hybrid environments.

Source/Photo Credit: IBM



Molly Bakewell Chamberlin