IBM and Red Hat are teaming up to secure open source software with AI.
The initiative, to be called Project Lightwell, will establish a “trusted enterprise clearinghouse,” where AI will be backed up by more than 20,000 engineers around the world with the aim of identifying and fixing vulnerabilities at scale, the companies said.
The project will create a “new model” for enterprise use of open source software, which is now ubiquitous at many leading companies, according to IBM and Red Hat. IBM alone uses more than 62,000 OSS packages, with deep expertise in more than 10,000, including Linux, Java and Terraform.
However, as the OSS rollout has gathered momentum, concerns about security have accelerated, too, as underscored by the 23,019 vulnerabilities detected by Anthropic’s powerful Claude Mythos model over the past few weeks across 1,000 projects.
According to IBM and Red Hat, the clearinghouse will serve as a “security coordination layer” where advanced AI capabilities will be used to validate and test fixes. This functionality will be offered by way of commercial subscriptions, meaning enterprises that sign up will be able to integrate secure patches directly into their software supply chain.
Under the process, enterprises will be able to share sensitive security problems within a trusted framework, receive patches optimized for production environments, and share fixes upstream to aid longer-term maintenance.
IBM’s Rob Thomas, senior vice president of software, told Reuters that the commercial launch will be in the next 30 days and that the subscription price is likely to be determined by the number of packages the enterprise uses.
An early pilot has already been conducted with a host of major financial services companies, including Bank of America, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, Visa and Wells Fargo. Insights gained from these initial deployments will shape the commercial service, according to IBM and Red Hat, a subsidiary of IBM.
“Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” Arvind Krishna, IBM chairman and CEO, said in a statement. Project Lightwell, he said, will “bring together AI, engineering expertise, and trusted collaboration, to secure open source software at its source and across the entire supply chain.”

