Thread regarding IBM layoffs

IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities

IBM's targeted version of Mythos.
Once again riding coattails and scavenging scraps.

https://www.cybersecuritydive.com/news/ibm-open-source-security-ai-project-lightwell/821348/

https://www.cnbc.com/video/2026/05/28/ibm-to-spend-5b-on-new-cybersecurity-platform-for-enterprise-customers.html


Post ID: @OP+1ksr3548x

4 replies (most recent on top)

Reuters' coverage.

IBM commits $5 billion to secure open-source software --

https://www.reuters.com/legal/transactional/ibm-commits-5-billion-secure-open-source-software-2026-05-28/

By: Anhata Rooprai |
May 28, 2026 5:04 AM CDT Updated 13 hours ago

May 28 (Reuters) - IBM said on Thursday it has committed $5 billion to an initiative that will deploy engineers and AI tools to help companies better secure open source software.

The initiative, called Project Lightwell, seeks to create a "clearinghouse" for open source security, establishing a model for managing risks across the software supply chain.

Open source software is freely available code that anyone can use and modify, and powers the technology systems of most companies. Its widespread use, however, has made it a prime target for hackers at a time when AI is making it easier for bad actors to find and exploit security flaws.

IBM and its hybrid cloud unit Red Hat have piloted the initiative with a few companies, including Bank of America, JPMorgan Chase, and Visa to refine how the system identifies and fixes vulnerabilities across complex enterprise software.

The service will launch "as a commercial offering in the next 30 days," IBM's senior vice president of software, Rob Thomas, told Reuters.

Thomas said the service, offered via subscriptions likely priced by the number of packages used, provides clients with a "stamp of approval from the clearinghouse that their open source is safe to use in production."

Project Lightwell will be a central hub where companies can confidentially report security flaws, receive tested fixes and share those fixes with the broader open source community.

Designed to secure software across its full life cycle — from development through to production environments — it will allow businesses to plug vetted security patches directly into their existing systems.

Project Lightwell expands Red Hat's traditional approach of securing software within its own platforms to cover a broader ecosystem of independent open source components, including libraries and AI frameworks.

Post ID: @as+1ksr3548x

You will never see a cent of that money here in US

Post ID: @aq+1ksr3548x

Bob says show me your source and I'll show you mine.

Post ID: @an+1ksr3548x

Oh, really! It sounds like a major follow-up to the cr-p product that was IBM's Flagship Security Product in 2019 and 2020 called IBM BigFix. BigFix never worked properly in IBM data centers or in the cloud. More often than not, it failed to patch systems which were vulnerable and running on Red Hat Linux, Windows and worst of all, IBM's own OS, AIX. It even did a lousy job patching IBM middleware. The whole thing was a complete freaking mess and a major clusterf*ck that only IBM could successfully deliver to its clients, and bill them big bucks for its failures.

So you have to wonder why they went back to the drawing board and what improvements they made to try again with yet another IBM Security tool? Sounds like someone was a glutton for punishment and trying to make more $$ by selling cr-p to the unwary. Would never touch any IBM Security product any more - just a total waste of time, effort and money. 20000 engineers dedicated to this project? Must be all the people (read interns and low-level people) they could get in that nightmare place, India, where all the IBM technical jobs disappear to. And all the open source garbage gets hacked most of the time. Notice that there is not one mention of tech support for the product. Why not? Who is Arvind Krishna fooling? He always talks about spending $5 Billion and more for such pathetic ventures. The reality is that the IBM cheapskates (executives) will only put in a miserly $200000 or so, and say they are donating code and resources which are worth $4.98 billion. Nothing more than a cheap marketing scam or gimmick. Toy stores do the same things at Christmas; they make you spend your hard-earned $$ on some cheapo Chinese-made junk, make you pay outrageously high prices to feel good about the stuff you bought for the kids and which will fail completely in less than a day. Strongly suggest people just stay the heck away from IBM, its crooked executives and lousy fake security products. Ask how many of the clients mentioned are really using IBM's security product in production-type environments and are happy with it. That is the proof of how good this stuff is or isn't.

Post ID: @aj+1ksr3548x
