
IBM and Red Hat invest $5 billion in the future of open source

IBM and Red Hat announce Project Lightwell: a $5 billion investment to secure open source software with AI.

The initiative consists of a trusted clearinghouse combined with a global team of more than 20,000 engineers, supplemented by AI capabilities to detect and remediate vulnerabilities. IBM already uses more than 62,000 open source packages, with in-depth expertise in more than 10,000.

The clearinghouse serves as a secure coordination layer. Enterprises can report sensitive security issues they have discovered in their active software versions. IBM and Red Hat validate and test fixes using AI capabilities, after which companies receive validated patches suitable for production environments. This applies not only to Red Hat products but also to independent open-source libraries, AI frameworks, and data streaming platforms. Fixes are also shared upstream with the broader open-source community.

IBM is building on lessons learned from initiatives such as Anthropic’s Project Glasswing and OpenAI’s Trust Access for Cyber. The clearinghouse model is offered through commercial subscriptions, allowing enterprises to integrate validated patches directly into their existing software supply chains.

AI and 20,000 Engineers

While many technology companies are using AI to reduce technical headcount, IBM is going in the opposite direction. Its team of 20,000 engineers focuses on upstream maintenance alongside open-source community members, AI-assisted vulnerability analysis, and secure patch development. IBM explicitly positions this technical capacity as a strategic differentiator.

A Red Hat report from early 2026 already showed that 97 percent of organizations experienced at least one cloud security incident in the past year, and 74 percent run software with known vulnerabilities. Additionally, Red Hat and OpenSSF are collaborating on compliance with the EU Cyber Resilience Act to protect the open-source supply chain.

For the initial deployments, IBM and Red Hat are collaborating with a group of major financial institutions, including Bank of America, Goldman Sachs, JPMorgan Chase, Mastercard, Visa, and Wells Fargo. Insights from these deployments will further refine the approach to vulnerability management at scale.
