IBM and Red Hat commit $5B and 20,000 engineers to secure open source

Source: Latest news

Open-source maintainers are being overwhelmed by a surge of security reports, a problem that AI has helped accelerate. Daniel Stenberg, founder and maintainer of cURL, said, "The rate of incoming security reports is four to five times higher than it was in 2024 and double the speed of 2025." He confessed, "I work more than I've done before, but the flood keeps coming." Stenberg asked for more companies "to fund us" so they could then pay more developers to distribute the workload.

IBM and Red Hat answered with Project Lightwell, an AI-powered initiative they described as a "first-of-its-kind force" to find and fix vulnerabilities in open-source software at an industrial scale. The project aims to become a de facto clearinghouse for securing the open-source components that underpin enterprise IT.

Project Lightwell will not pay upstream developers; instead, it provides IBM and Red Hat engineers with AI tools to work on important, business-critical projects.
