ARMONK, N.Y., May 28, 2026 — IBM (NYSE: IBM) and Red Hat today announced Project Lightwell, a $5 billion commitment backed by new frontier AI capabilities and a global force of more than 20,000 engineers to help enterprises secure open source software. Together, these investments establish a new model for enterprise use of open source software, from upstream development through production environments.
Project Lightwell will establish a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale. The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to validate and test fixes across an unprecedented volume of open source code. These capabilities will be offered through commercial subscriptions, allowing enterprises to integrate secure patches directly into their existing software supply chains with enterprise-grade validation and lifecycle management.
Open source software underpins modern enterprise infrastructure, with more than 90% of Fortune 500 companies relying on OSS[1]. At the same time, advances in frontier AI are accelerating vulnerability discovery and exploitation. Anthropic recently reported that its Mythos Preview model identified nearly 3,900 high- or critical-severity vulnerabilities in open source software alone[2].
