Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

IBM betting $5B it can fix bugs that Anthropic AI has found!

By Peter Vogel on July 6, 2026
Email this postTweet this postLike this postShare this post on LinkedIn
IBM Mainframe - one the most storied technology brands on the planet.
Carson Masterson, Unsplash

DarkReading.com reported that “IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic’s Mythos findings ignite debate over how to secure the open-source software supply chain.”  The July 2, 2026 article entitled ” Anthropic’s AI Finds Bugs. IBM Bets $5B It Can Fix Them” (https://www.darkreading.com/vulnerabilities-threats/anthropic-s-ai-finds-bugs-ibm-bets-5b-it-can-fix-them-) included these comments:

Red Hat and its parent IBM have committed an eye-popping $5 billion to Project Lightwell, a new subscription-based patching service for enterprises running business-critical systems that can’t risk the disruption of updating open-source software in production. It is the largest known commitment specifically targeting open-source software supply chain security — dwarfed only by Google’s broader $10 billion cybersecurity pledge in 2021, which also covered zero-trust and workforce training.

IBM pointed to the initial April release of Anthropic’s Claude Mythos Preview model as a driver for Lightwell. Anthropic’s Project Glasswing — a coordinated defense initiative launched in April with 50 partners, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks — uses Mythos to scan open-source software.

Days after the IBM Lightwell launch, Anthropic announced that the Glasswing partnership has expanded to 150 organizations, including those that supply critical infrastructure covering industries such as power, water, healthcare, communications and hardware.

At the same time, the Cloud Security Alliance published a research note stressing the need for collaboration on Project Glasswing, because AI-driven discovery of open-source vulnerabilities is outpacing the ability to patch them.

The report noted that as of late May, Anthropic had disclosed 1,596 vetted vulnerabilities to maintainers across 281 projects, and only 97 had been patched — a fix rate of roughly 6 percent. The standard 90-day coordinated disclosure window, the CSA noted, was designed for human-speed discovery, not for an AI model capable of scanning 1,000 codebases in a single month.

Anthropic emphasized that several maintainers are now severely capacity-constrained, and some have asked the company to slow its disclosure rate because they simply can’t keep up. According to Anthropic, the average time to patch a high- or critical-severity bug disclosed through Glasswing is two weeks.

IBM itself joined Anthropic’s Project Glasswing on May 19 — before the Lightwell launch — committing to hardening its own products and contributing fixes back to open-source projects through coordinated disclosure. “The collaboration makes the entire ecosystem stronger,” Rob Thomas, IBM’s senior vice president of software and chief commercial officer, said in a statement.

Anyone surprised?

First published at https://www.vogelitlaw.com/blog/ibm-betting-5b-it-can-fix-bugs-that-anthropic-ai-has-found

Tags: AI
  • Posted in:
    E-Discovery, Technology and AI
  • Blog:
    Internet, IT & e-Discovery
  • Organization:
    Peter S. Vogel PC
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo