🤖 AI Summary
IBM, in collaboration with Red Hat, has announced a significant $5 billion investment in Project Lightwell, a security initiative aimed at addressing the growing crisis of open source software vulnerabilities. This comes in response to a recent discovery by Anthropic’s Mythos Preview AI model, which identified 3,900 high or critical-severity vulnerabilities in open-source code—a staggering figure that underscores the urgency for comprehensive security measures. As reliance on open-source solutions increases, with over 90% of Fortune 500 companies utilizing this software, the need for effective vulnerability remediation has never been more pressing.
Project Lightwell will create a coordinated security clearinghouse that enables enterprises to report vulnerabilities securely, facilitating prompt validation and backporting of fixes to existing software versions without necessitating disruptive upgrades. With a dedicated team of 20,000 engineers leveraging advanced AI tools for high-volume vulnerability triage and patch generation, the initiative aims to improve response times and maintain open-source project integrity. Banking giants and financial institutions are already participating, highlighting the acute need for this robust security framework, particularly as the volume of disclosed vulnerabilities is projected to surge from 40,000 in 2024 to 59,000 by 2026. The project holds the potential to greatly enhance the overall security posture of the open-source ecosystem, but its success will hinge on the quality of AI-generated patches and adherence to upstream community interests.