IBM and its subsidiary Red Hat will invest $5 billion to improve open-source software supply chain security and will launch Project Lightwell, the Wall Street Journal reported on May 28.
The two companies will use AI to build an enterprise clearinghouse that detects, tests and fixes security vulnerabilities in large-scale open-source code. They will deploy 20,000 engineers worldwide for the effort.
The clearinghouse being built by IBM and Red Hat will be offered as a commercial subscription service. If a company reports a bug within an open-source framework, it can receive a patch and integrate it directly into its software supply chain.
IBM says more than 90 percent of Fortune 500 companies rely heavily on open-source software. As AI models evolve, concern is growing that attackers can more easily find and exploit vulnerabilities.
Bank of America, Citi, Goldman Sachs, Morgan Stanley, Visa and Wells Fargo were named as early adopters of the IBM clearinghouse.
Arvind Krishna, IBM's CEO, said, "Open source is the foundation of today's digital economy and the basis of modern AI," adding, "With Project Lightwell, we will combine AI, engineering expertise and trust-based collaboration to protect open-source software from its origin across the entire supply chain."