IBM commits $5 billion to Project Lightwell, deploying AI to combat cyber threats in open source

Exclusive: IBM launches $5 billion AI push to combat cyber threats

Why it matters: AI is supercharging cyberattacks, pushing companies to adopt the same technology to defend against threats. Driving the news: "Project Lightwell" -- the new initiative by IBM and Red Hat, its open source software subsidiary -- uses frontier AI capabilities to establish a "clearinghouse" to identify and fix vulnerabilities at scale. IBM and Red Hat's new "Project Lightwell" uses frontier AI capabilities to establish a "clearinghouse" to identify and fix vulnerabilities at scale. * Bank of America, JPMorganChase, Visa, Mastercard, Wells Fargo and Morgan Stanley are early adopters of the platform. How it works: Red Hat's cyber tools have focused on software running within Red Hat platforms. * Project Lightwell expands those protections to a broader set of open source technologies, including AI frameworks, coding libraries and data streaming platforms such as Apache Kafka. * Part of the $5 billion is going toward the 20,000 engineers, who are all current IBM employees and will be dedicated to the project full-time. What we're watching: IBM CEO Arvind Krishna said he expects the government to be very interested in a solution like Project Lightwell: "We believe that at least some people in the government are looking for the private sector to step up with an answer like this." * "Over the last few weeks, ever since Mythos came out, there have been a lot of conversations with very senior levels of the government. We did put forward that something like this could be one of the potential responses, so that has been discussed," Krishna said. * The White House last week pulled an AI executive order following internal disagreements over how exactly to address cybersecurity fears and to what extent AI should be regulated. * Krishna said he also expects the project to expand beyond the financial sector in a matter of days or weeks, not months. The big picture: More than 90% of Fortune 500 companies rely on open source software, while the AI boom has fueled a dramatic increase in the volume of open source code.

IBM commits $5 billion to secure open-source software

The initiative, called Project Lightwell, seeks to create a "clearinghouse" for open source security, establishing a model for managing risks across the software supply chain. IBM said on Thursday it has committed $5 billion to an initiative that will deploy engineers and AI tools to help companies better secure open source software. The initiative, called Project Lightwell, seeks to create a "clearinghouse" for open source security, establishing a model for managing risks across the software supply chain. Open source ⁠software ⁠is freely available code that anyone can use and modify, and powers the technology systems of most companies. Its widespread use, however, has made it a prime target for hackers at a time when AI is making it easier for bad actors to find and exploit security flaws. IBM and its hybrid cloud unit Red ⁠Hat have piloted the initiative with a few companies, including Bank of America, JPMorgan Chase and Visa, to refine how the ⁠system identifies and fixes vulnerabilities across complex enterprise software. The service will launch "as a commercial offering in the next 30 days," IBM's senior vice president of software, Rob Thomas, told Reuters. Thomas said the service, offered via subscriptions likely priced by the number of packages used, provides clients with a "stamp of approval from the clearinghouse that their open source is safe to use in production." Project Lightwell will be a central hub where companies can confidentially report security flaws, receive tested fixes and share ⁠those fixes with the broader open source community. Designed to secure software across its full life cycle - from development through to production environments - it will allow businesses to plug vetted security patches directly into their existing systems. Project Lightwell expands Red Hat's traditional approach of securing software within its own platforms to cover a broader ecosystem of independent open source components, including libraries and AI frameworks.

IBM, Red Hat Pledge $5 Billion for AI-Driven Open Source Security Initiative

International Business Machines and Red Hat have committed $5 billion to establish a new model for open-source software, aiming to secure software supply chains for enterprises. Under the new project, dubbed Project Lightwell, the companies said Thursday they will deploy a global force of 20,000 engineers, supported by advanced artificial intelligence, to establish a trusted enterprise clearinghouse. The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to identify, test and fix security vulnerabilities across massive volumes of open-source code. The capabilities will be available through commercial subscriptions, allowing enterprises to report bugs within open-source frameworks and receive validated, production-ready patches that can be directly integrated into their software supply chains. IBM said that more than 90% of Fortune 500 companies currently rely heavily on open-source software, with new AI models making it easier for bad actors to find and exploit software vulnerabilities. IBM and Red Hat added they have already begun collaborating with a select group of early adopters on Project Lightwell, including Bank of America, Citi, Goldman Sachs, Morgan Stanley, Visa and Wells Fargo. "Open source is the backbone of today's digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured and scaled," IBM Chief Executive Arvind Krishna said. "With Project Lightwell, IBM and Red Hat are helping define a new industry model, one that brings together AI, engineering expertise and trusted collaboration, to secure open source software at its source and across the entire supply chain," he added.