News, news analysis, and commentary on the latest trends in cybersecurity technology.

IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source software supply chain.

July 2, 2026

Red Hat and its parent IBM have committed an eye-popping $5 billion to Project Lightwell, a new subscription-based patching service for enterprises running business-critical systems that can't risk the disruption of updating open-source software in production. It is the largest known commitment specifically targeting open-source software supply chain security — dwarfed only by Google's broader $10 billion cybersecurity pledge in 2021, which also covered zero-trust and workforce training.

IBM pointed to the initial April release of Anthropic's Claude Mythos Preview model as a driver for Lightwell. Anthropic's Project Glasswing — a coordinated defense initiative launched in April with 50 partners, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks — uses Mythos to scan open-source software.