IBM Red Hat Project Lightwell $5 billion open-source security

NurPhoto / Getty Images

IBM $IBM +4.45% and Red Hat announced Project Lightwell on Thursday, a $5 billion commitment to help enterprises secure open-source software using a combination of AI tools and more than 20,000 engineers.

At the heart of the initiative is what IBM and Red Hat call a trusted enterprise clearinghouse, where advanced AI capabilities are used to vet and verify patches at a scale that spans large portions of the open-source ecosystem. The service will be offered through commercial subscriptions, the company said, allowing enterprises to integrate vetted patches directly into their software supply chains.

IBM and Red Hat have already begun piloting the project with a group of financial institutions, including Bank of America $BAC -0.16%, BNY, Citi, Goldman Sachs $GS -0.40%, JPMorganChase, Mastercard $MA -0.80%, Morgan Stanley $MS +0.54%, Royal Bank of Canada, State Street $STT -0.53%, Visa $V -1.36%, and Wells Fargo $WFC +1.14%, the company said. The commercial offering will launch within 30 days, Rob Thomas, IBM's senior vice president of software, told Reuters.

Under the clearinghouse structure, participating enterprises gain access to a confidential channel for disclosing security weaknesses, production-ready patches developed and tested by IBM and Red Hat engineers, and a mechanism for contributing those solutions back to the wider open-source ecosystem, the company said.