CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 28, 2026

IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”

Security Week Archived May 28, 2026 ✓ Full text saved

Project Lightwell is designed to fix vulnerabilities without breaking what is already in production. The post IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell” appeared first on SecurityWeek .

Full text archived locally
✦ AI Summary · Claude Sonnet


    IBM and its subsidiary Red Hat announced Project Lightwell on Thursday, a joint initiative backed by a $5 billion investment and a workforce of more than 20,000 engineers. The project is designed to address the growing operational risks facing corporate digital infrastructure by systematically securing open source software across enterprise supply chains. At the core of the initiative is the establishment of an “enterprise clearinghouse” that leverages artificial intelligence to scale software security. The system will use AI to identify, triage, prioritize, and validate vulnerabilities and fixes across open source code bases. Engineers involved in the project will focus their efforts on active upstream maintenance alongside open source community leaders, high-volume AI-assisted vulnerability reviews, and the development of secure patches and release engineering. The resulting validated patches, capabilities, and lifecycle management features will be delivered to enterprises through commercial software subscriptions. The initiative builds on IBM and Red Hat’s existing commercial open source ecosystem, which currently handles lifecycle management and validation for major enterprise platforms such as Linux, Java, Kubernetes, Kafka, Ansible, Terraform, Flink, and Cassandra. The scale of the undertaking reflects the extensive use of open source software in the enterprise; IBM itself says it currently utilizes more than 62,000 open source packages across its enterprise footprint. “Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” said Arvind Krishna, Chairman and CEO, IBM. “With Project Lightwell, IBM and Red Hat are helping define a new industry model, one that brings together AI, engineering expertise, and trusted collaboration, to secure open source software at its source and across the entire supply chain. This is about strengthening trust in the systems that power business, government, and society.” Initial participants in Project Lightwell include Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa, and Wells Fargo. IBM acquired Red Hat for $34 billion in a deal that was announced in late 2018. WRITTEN BY SecurityWeek News More from SecurityWeek News SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking Ocean Emerges From Stealth With $28M for Agentic Email Security Platform Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution Virtual Event Today: Threat Detection & Incident Response Summit In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws Latest News Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks Geordie Raises $30 Million for AI Security and Governance Platform Carnival Data Breach Exposed 6 Million People New BTMOB Android Malware Enables Full Device Takeover Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails Gitea Vulnerability Exposed 30,000 Deployments to Attacks Raising the Cybersecurity Stakes: Ante up for the Agentic Era Trending Virtual Event: Threat Detection And Incident Response Summit On-Demand Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk In Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register People on the Move Joe Chen has become Chief Technology Officer at Trellix. Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO. SecureAuth has named Mark van Oppen as Chief Revenue Officer. More People On The Move Expert Insights Raising The Cybersecurity Stakes: Ante Up For The Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience Is The New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) Flipboard Reddit Whatsapp Email
    💬 Team Notes
    Article Info
    Source
    Security Week
    Category
    ◇ Industry News & Leadership
    Published
    May 28, 2026
    Archived
    May 28, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗