IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under "Project Lightwell"

IBM and its subsidiary Red Hat announced Project Lightwell on Thursday, a joint initiative backed by a $5 billion investment and a workforce of more than 20,000 engineers. The project is designed to address the growing operational risks facing corporate digital infrastructure by systematically securing open source software across enterprise supply chains.

At the core of the initiative is the establishment of an “enterprise clearinghouse” that leverages artificial intelligence to scale software security. The system will use AI to identify, triage, prioritize, and validate vulnerabilities and fixes across open source code bases. Engineers involved in the project will focus their efforts on active upstream maintenance alongside open source community leaders, high-volume AI-assisted vulnerability reviews, and the development of secure patches and release engineering.

The resulting validated patches, capabilities, and lifecycle management features will be delivered to enterprises through commercial software subscriptions. The initiative builds on IBM and Red Hat’s existing commercial open source ecosystem, which currently handles lifecycle management and validation for major enterprise platforms such as Linux, Java, Kubernetes, Kafka, Ansible, Terraform, Flink, and Cassandra.