IBM and Red Hat want to become the 'security clearinghouse' for open source applications in the enterprise
Briefly

Project Lightwell is a $5 billion initiative that pairs AI systems with 20,000 IBM and Red Hat engineers to build an enterprise clearinghouse for open-source vulnerability discovery and remediation. The clearinghouse is intended to act as an AI-powered security coordination layer through which enterprises can integrate validated patches directly into their existing software supply chains, without disruptive upgrades. The project is still in its design phase, has 11 financial partners, and is expected to be offered as a commercial subscription. It targets a familiar gap: open-source code runs across nearly every enterprise software supply chain, yet vulnerabilities in it are rarely patched quickly enough. The scale of the problem is reflected in the volume of published CVEs and in the number of newly discovered high- or critical-severity open-source vulnerabilities.
"The $5 billion Project Lightwell initiative combines AI systems with 20,000 engineers to deliver validated fixes directly into enterprise software supply chains without disruptive upgrades."
"Announced today, the project will commit $5 billion and 20,000 IBM and Red Hat engineers to build a new 'enterprise clearinghouse' to accelerate discovery and remediation of vulnerabilities in open source software. The companies say the clearinghouse will serve as an AI-powered 'security coordination layer,' giving enterprises the ability to integrate patches directly into their existing software supply chains."
"'The advancement in AI tools has broken the patching map, which is the ability to discover vulnerabilities in software without losing the speed of remediation,' Ashesh Badani, Red Hat SVP and CPO, told CSOonline. 'Everyone's running open source software, and the challenge is not being able to fix vulnerabilities quickly enough.'"
"Open source security issues have been well documented: Almost 50,000 common vulnerabilities and exposures (CVEs) were published in 2025, and Anthropic's Project Glasswing, powered by its Mythos Preview model, found roughly 3,900 previously undiscovered high or critical severity vulnerabilities in open source software shortly after launch."
Read at InfoWorld