IBM said on Thursday it has committed US$5-billion (R82-billion) to an initiative that will deploy engineers and AI tools to help companies better secure open-source software.
The initiative, called Project Lightwell, seeks to create a “clearinghouse” for open-source security, establishing a model for managing risks across the software supply chain.
Open-source software is freely available code that anyone can use and modify, and powers the technology systems of most companies. Its widespread use, however, has made it a prime target for hackers at a time when AI is making it easier for bad actors to find and exploit security flaws.
IBM and its hybrid cloud unit Red Hat have piloted the initiative with a few companies, including Bank of America, JPMorgan Chase and Visa, to refine how the system identifies and fixes vulnerabilities across complex enterprise software.
The service will launch “as a commercial offering in the next 30 days”, IBM’s senior vice president of software, Rob Thomas, said in an interview.
Thomas said the service, offered via subscriptions likely priced by the number of packages used, provides clients with a “stamp of approval from the clearinghouse that their open source is safe to use in production”.
Project Lightwell will be a central hub where companies can confidentially report security flaws, receive tested fixes and share those fixes with the broader open-source community.
Vetted
Designed to secure software across its full life cycle — from development through to production environments — it will allow businesses to plug vetted security patches directly into their existing systems.
Read: Apple just dropped a bomb on the Windows world
Project Lightwell expands Red Hat’s traditional approach of securing software within its own platforms to cover a broader ecosystem of independent open source components, including libraries and AI frameworks. — Anhata Rooprai, (c) 2026 Reuters
- Subscribe to TechCentral’s daily newsletter
- Get breaking news alerts on WhatsApp
