IBM and Red Hat Invest $5 Billion in AI-Powered Open-Source Security

IBM and Red Hat have introduced Lightwell, an ambitious initiative aimed at improving the security of open-source software. The companies are investing $5 billion in developing AI models, tools, and assembling a global engineering team to detect and address vulnerabilities at an industrial scale. The project will involve 20,000 specialists, positioning open-source security as a key priority in the software supply chain rather than a secondary routine.

Lightwell will act as an intermediary between enterprises and developer communities. Companies will share data on their open-source software usage, and Lightwell engineers, leveraging AI, will identify vulnerabilities, develop patches, and coordinate their implementation with project maintainers. Special focus will be given to ecosystems like Maven/Java, PyPI, npm, and Go. The project does not include compensating upstream developers but will actively collaborate with them to integrate fixes.

The solution will be offered via subscription, integrating into existing CI/CD and software supply chain management processes. Clients will gain access to verified patches and security management tools through APIs and catalogs. According to IBM representatives, Lightwell will not replace upstream developers but will serve as a "large and organized contributor," accelerating vulnerability remediation without compromising open development principles.