IBM has announced a $5 billion cybersecurity initiative called Project Lightwell, aimed at protecting open-source software from highly advanced AI threats. The company has enlisted its subsidiary Red Hat, and the project is backed by a global force of more than 20,000 engineers. According to IBM CEO Arvind Krishna, the catalyst for this enormous investment was the capability of Anthropic’s powerful AI model, Mythos, which found software vulnerabilities and worried banks and governments worldwide.
Project Lightwell will establish a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale. The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to validate and test fixes across an unprecedented volume of open source code. These capabilities will be offered through commercial subscriptions, allowing enterprises to integrate secure patches directly into their existing software supply chains with enterprise-grade validation and lifecycle management.
“Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” said Arvind Krishna, Chairman and CEO, IBM. “With Project Lightwell, IBM and Red Hat are helping define a new industry model—one that brings together AI, engineering expertise, and trusted collaboration—to secure open-source software at its source and across the entire supply chain. This is about strengthening trust in the systems that power business, government, and society.”
Project Lightwell builds on IBM and Red Hat’s proven enterprise open source model, extending it beyond their traditional product footprint. IBM already uses more than 62,000 open source packages, with deep expertise in over 10,000. Across technologies like Linux, Java, Kubernetes, Kafka, Ansible, Terraform, Flink, Cassandra and more, the companies operate one of the industry’s broadest commercial open source ecosystems, historically providing lifecycle management, validation, and patching for components within their platforms. Now, IBM and Red Hat are applying the same engineering discipline to the broader application landscape, including independent libraries, language toolchains, AI frameworks, and data streaming platforms.




