
IBM has committed $5 billion toward a new initiative aimed at improving the security of open-source software, as concerns grow over vulnerabilities in widely used code and the rising role of artificial intelligence in cyberattacks.
The initiative, called Project Lightwell, will deploy engineers and AI-driven tools to help organisations identify, manage, and fix security weaknesses across the open-source software supply chain.
Open-source software, whose source code is freely available for developers to use and modify, forms the backbone of most modern enterprise systems. That ubiquity has also made it an increasingly attractive target for attackers, particularly as AI tools lower the barrier to discovering and exploiting flaws.

IBM said the programme is being developed in collaboration with its hybrid cloud subsidiary Red Hat and has already been tested with major financial institutions including Bank of America, JPMorgan Chase, and Visa.
The company described Project Lightwell as a centralised “clearinghouse” designed to coordinate how security vulnerabilities are reported, verified, and resolved across complex software systems used by enterprises.
IBM senior vice president of software, Rob Thomas, said the platform will launch as a commercial service within the next 30 days. It will operate on a subscription model, with pricing likely tied to the volume of software packages managed by each client.
Thomas explained that the system will provide companies with a form of certification that confirms whether their open-source software components are safe for production use.

The platform will also allow organisations to confidentially report vulnerabilities, access verified fixes, and contribute improvements back to the wider open-source community.
Project Lightwell extends Red Hat’s traditional approach of securing software within its own ecosystem to a broader range of open-source components, including libraries and artificial intelligence frameworks used across different industries.
The system is designed to secure software throughout its lifecycle, from development to deployment, allowing companies to integrate tested security patches directly into their existing infrastructure.
IBM said the growing complexity of modern software systems, combined with increased reliance on open-source tools, has made coordinated security management more urgent than ever.

The company added that AI-powered development is accelerating both innovation and risk, making proactive supply chain security a critical priority for global enterprises.