Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities

The tech giant’s project could make it easier for businesses to safely use open-source packages.

Published May 28, 2026
Eric Geller's headshot
Senior Reporter
IBM headquarters located in downtown San Francisco is pictured on Aug. 21, 2019.
IBM headquarters in downtown San Francisco is seen on Aug. 21, 2019. The company on Thursday announced a major investment in securing open-source code. Getty Images

IBM will spend $5 billion to help find and fix vulnerabilities in open-source software packages used throughout the business world, the company announced on Thursday.

Through Project Lightwell, IBM will create “a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale,” using AI to validate and test the patches before deployment, the company said. Businesses will be able to subscribe to the patching program for automated deployment of fixes that integrates with their existing life cycle management processes.

“Open source is the backbone of today’s digital economy and the foundation of modern AI, and we are at an inflection point in how it is built, secured, and scaled,” IBM CEO Arvind Krishna said in a statement. “This is about strengthening trust in the systems that power business, government, and society.”

IBM has already been testing the program with major financial institutions including Bank of America, Goldman Sachs, JPMorgan Chase, Mastercard and Visa. The software giant said the lessons it learned from the test phase will inform “how vulnerabilities are identified, validated, and remediated at scale across complex software supply chains.”

Project Lightwell’s clearinghouse will provide a secure environment for businesses to discuss security issues with open-source code, increasing the speed with which open-source maintainers learn about problems while preventing threat actors from exploiting them.

Hackers have increasingly targeted open-source software as its importance to the global technology stack has become more apparent. That exploitation activity has highlighted the weaknesses of the open-source ecosystem, in which mostly volunteer developers struggle to keep up with vulnerability reports — a problem that AI-powered vulnerability discovery has dramatically exacerbated.

The new project from IBM, one of the world’s largest users of open-source code, comes four years after technology giants agreed on a multi-year plan to increase their investments in open-source security. Three months ago, the leading AI companies announced $12.5 million in funding to help offset the challenges that their products have created for open-source maintainers.

Filed Under: Strategy, Threats

Editors' picks

Company Announcements

View all | Post a press release
360 Privacy Expands Senior Leadership as Threats to Executives and High-Profile Individuals Gr…
From 360 Privacy
May 21, 2026
360 Privacy logo

Want to share a company announcement with your peers?

Get started âž”

Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell