Red Hat and its parent IBM have committed an eye-popping $5 billion to Project Lightwell, a new subscription-based patching service for enterprises running business-critical systems that can't risk the disruption of updating open-source software in production. It is the largest known commitment aimed specifically at open-source software supply chain security; only Google's broader $10 billion cybersecurity pledge in 2021, which also covered zero trust and workforce training, was larger.

IBM pointed to the initial April release of Anthropic’s Claude Mythos Preview model as a driver for Lightwell. Anthropic’s Project Glasswing — a coordinated defense initiative launched in April with 50 partners, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks — uses Mythos to scan open-source software.

Days after the IBM Lightwell launch, Anthropic announced that the Glasswing partnership has expanded to 150 organizations, including those that supply critical infrastructure covering industries such as power, water, healthcare, communications and hardware.


At the same time, the Cloud Security Alliance published a research note stressing the need for collaboration on Project Glasswing, because AI-driven discovery of open-source vulnerabilities is outpacing the ability to patch them.

The report noted that as of late May, Anthropic had disclosed 1,596 vetted vulnerabilities to maintainers across 281 projects, and only 97 had been patched — a fix rate of roughly 6 percent. The standard 90-day coordinated disclosure window, the CSA noted, was designed for human-speed discovery, not for an AI model capable of scanning 1,000 codebases in a single month.

Anthropic emphasized that several maintainers are now severely capacity-constrained, and some have asked the company to slow its disclosure rate because they simply can’t keep up. According to Anthropic, the average time to patch a high- or critical-severity bug disclosed through Glasswing is two weeks.

IBM itself joined Anthropic’s Project Glasswing on May 19 — before the Lightwell launch — committing to hardening its own products and contributing fixes back to open-source projects through coordinated disclosure. “The collaboration makes the entire ecosystem stronger,” Rob Thomas, IBM’s senior vice president of software and chief commercial officer, said in a statement.

Mythos Delivered a Wakeup Call

Gunnar Hellekson, VP and general manager of Red Hat Enterprise Linux, agrees that AI-enabled vulnerability discovery has outpaced the ability to patch the flaws it finds. “CVEs were already growing unmanageably,” Hellekson tells Dark Reading. “The Mythos event woke everybody up to the idea that we should be using AI tools to scan our own code, and we are now discovering vulnerabilities far faster than they can be remediated.”


The Mythos story took a striking turn in the weeks after the Lightwell launch. On June 9, Anthropic released Claude Fable 5, the first publicly available Mythos-class model, alongside an updated Claude Mythos 5 for vetted Glasswing partners. Both models carry safeguards that block responses to specific high-risk cybersecurity queries, defaulting to the less capable Claude Opus 4.8 in those cases.

Nevertheless, three days later, on June 12, the Commerce Department’s Bureau of Industry and Security issued an emergency export-control directive ordering Anthropic to block all access to Fable 5 and Mythos 5 for foreign nationals, including its own non-U.S. employees. Lacking a reliable way to filter users by nationality in real time, Anthropic shut down both models globally within 90 minutes.

In the latest turn of events, the Commerce Department cleared Anthropic’s Mythos 5 model for limited redeployment last week, and this week lifted the restrictions.


Meanwhile, Red Hat and IBM say Project Lightwell was designed to close the gap between discovery and patching. Lightwell identifies vulnerabilities in whatever version of open-source software an enterprise has in production, develops a backported fix for that specific version and delivers a signed, validated patch with contractual SLAs — without demanding that organizations upgrade or recertify their production environments.

For heavily regulated industries, where changing a dependency might trigger months of compliance reviews, that could be significant. IBM is actively involved in more than 61,700 open-source packages, with deep lifecycle management expertise across more than 10,600 of them, including Linux, Java, Kubernetes, Kafka, Ansible and Terraform.

Large Banks Tapped as Design Partners

IBM said it is launching the service with 11 design partners — Bank of America, BNY, Citi, Goldman Sachs, JPMorgan Chase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa and Wells Fargo.

IBM and Red Hat are dedicating 20,000 engineers to the effort, using two recently launched tools — IBM Bob, an agentic AI development platform that spans the entire software lifecycle, and Concert Secure Coder, which detects vulnerabilities in real time as developers write code.

IBM and Red Hat announced another expansion of Lightwell last week — a collaboration with Deloitte that targets regulated software supply chains. Deloitte will assign engineers to help enterprise clients map open-source components across their applications, maintain continuous software bills of materials (SBOMs), and manage the installation and validation of Lightwell-provided patches.

The partnership with Deloitte also includes regulatory breach-reporting support and coordinated upstream disclosure to maintainers. Savio Rodrigues, IBM’s VP of service partners, said in a statement that Lightwell brings together “the engineering, automation and ecosystem partnerships needed to tackle this risk at scale.”

Where is IBM’s watsonx?

Dan Lorenc, co-founder and CEO of Chainguard and a former Google engineer who led its software supply chain security initiatives, ridiculed IBM’s $5 billion investment and 20,000-engineer commitment on LinkedIn with a mock counter-pledge: Chainguard, he wrote, would save open source from Mythos by earmarking $50,000 and 100 engineers. Despite his sarcasm, Lorenc added: “Seriously, it is great to see IBM do something here too.”

The Lightwell announcement makes no mention of watsonx, IBM’s flagship enterprise AI platform — and IBM declined to say whether Watson or watsonx plays any role in the service.

“IBM has positioned watsonx as the enterprise AI layer across its portfolio, so not confirming its role in a flagship AI-driven security initiative is notable,” says Katie Norton, senior research manager for IDC’s DevSecOps and software supply chain security practice. “It possibly suggests the AI architecture supporting vulnerability discovery may include frontier models outside IBM’s own stack — though it could simply reflect a choice to keep focus on the operational model rather than the AI infrastructure.”

Omdia senior analyst Melinda Marks says there is merit in both approaches. “Red Hat has long been associated with helping developers utilize secure open source, so this significant effort and application of frontier models make good sense,” Marks says. But she acknowledges Lorenc’s efficiency argument. “It does raise questions about how well IBM can address this, even with such a large investment, given that AI makes it possible to make a strong impact with fewer dollars and people.”

Lightwell Late to the Party?

IDC’s Norton points out where she sees Project Lightwell falling behind the competition. “This is a late entrant into a market that has been developing for several years,” she says. The most comparable predecessor is Tidelift, founded in 2017, which built a managed open-source subscription that paid independent maintainers directly to implement security standards, coordinate vulnerability disclosure, and provide contractual commitments to enterprise customers. “Tidelift identified the core problem before the market was ready to fund solving it,” Norton says, noting that Sonar acquired Tidelift in December 2024.

While Sonar pledged at the time to maintain Tidelift’s maintainer partnership model, Norton says it remains to be seen whether that differentiated approach survives full integration into SonarQube Advanced Security.

Norton also notes that the market has since become more crowded, with Seal Security, ActiveState, Endor Labs, and Chainguard all offering production-deployed remediation capabilities. “Lightwell brings scale and regulated-industry credibility,” she says. “It does not bring a novel model.”

Structural Limits Still Exist

Cassie Crossley, co-founder and CEO of VulNow and author of O’Reilly’s Software Supply Chain Security, says that there are structural limits to both Lightwell and Chainguard’s approaches. “Both initiatives plan to remediate vulnerabilities for their customers and contribute fixes back to open-source maintainers through coordinated disclosure,” she says.

Crossley says that is the right approach, but most open-source maintainers have limited availability. “Getting those fixes merged into the main branches that most developers actually pull from takes time,” she says. “In the meantime, the majority of consumers of those packages remain exposed and unaware.”

Crossley points to the recent compromise of the widely used Axios JavaScript npm package as a case in point. Between the time a vulnerability fix was confirmed and the CVE was publicly disclosed 154 days later, the vulnerable package was downloaded 2.2 billion times, none of it covered by any commercial remediation pipeline, as documented in VulNow’s Q1 2026 report.

Further, while IBM projects 59,000 CVEs in 2026, she estimates roughly 500,000 security vulnerabilities are quietly fixed by open-source maintainers each year without ever receiving a formal CVE designation. “Frontier AI models can chain those undisclosed low- and medium-severity fixes into novel exploits,” she says. “The invisible vulnerability universe is not just a transparency gap — it’s a latent attack surface.”

Nevertheless, Hellekson maintains that Project Lightwell is built to address upstream problems directly. “Any patches we develop will be released simultaneously to the upstream communities and to Lightwell participants,” he says. “Everyone in the open-source community will benefit from this work.”
