IBM has launched a $5 billion initiative to secure open-source software after Anthropic’s AI model Mythos demonstrated an alarming ability to uncover critical vulnerabilities across enterprise codebases.
IBM has unveiled a $5 billion cybersecurity initiative called Project Lightwell aimed at protecting open-source software from increasingly sophisticated AI-driven threats, after advanced AI models exposed alarming vulnerability risks across enterprise codebases.
According to IBM CEO Arvind Krishna, the trigger behind the investment was Anthropic’s AI model Mythos, which demonstrated a powerful capability to identify exploitable weaknesses in software systems.
“Mythos was the critical triggering factor on this,” Krishna said, adding that advanced large language models are now “remarkably adept at finding vulnerabilities” in both proprietary and open-source code.
The initiative positions open-source infrastructure as a growing cyber battleground as AI tools become capable of accelerating vulnerability discovery and exploitation at scale.
Project Lightwell will be backed by more than 20,000 engineers from IBM and Red Hat, with the companies focusing on patch management, vulnerability detection and enterprise software hardening.
Major US financial institutions including Goldman Sachs, Morgan Stanley, JPMorgan Chase and Bank of America have already signed on as early adopters.
“They will use the latest tools to figure out where they might have a vulnerability and where there isn’t a patch that is already available,” Krishna said.
IBM linked the urgency behind the initiative to Project Glasswing, where technology and security leaders reportedly previewed Mythos ahead of its wider release.
Krishna said the initiative would complement, rather than compete with, traditional cybersecurity firms by focusing on software protection and patching capabilities.
