The Gap Between Finding Bugs and Fixing Them
Here's the problem that woke up the entire open-source security world in April 2026: Anthropic's Claude Mythos Preview model started scanning open-source codebases at a pace no human team could match. Within weeks, the company had disclosed 1,596 vetted vulnerabilities across 281 projects. Only 97 had been patched. That's a fix rate of roughly six percent.
The Cloud Security Alliance published a research note that basically said what everyone was thinking — the standard 90-day coordinated disclosure window was designed for human-speed discovery. It wasn't built for an AI model that can scan a thousand codebases in a single month. Several maintainers, Anthropic reported, were now so capacity-constrained they'd asked the company to slow down.
The average time to patch a high- or critical-severity bug disclosed through Anthropic's Project Glasswing? Two weeks. Two weeks while the vulnerability sits there, known but unpatched, waiting for someone with limited bandwidth and no army behind them.
That's the gap IBM and Red Hat just decided to fill with five billion dollars.
What Project Lightwell Actually Is
Lightwell is a subscription-based patching service for enterprises running business-critical systems that can't afford to update open-source software in production. Not because the patches aren't good — because changing a dependency might trigger months of compliance reviews in heavily regulated industries.
Here's how it works: Lightwell identifies vulnerabilities in whatever version of open-source software an enterprise has running right now, develops a backported fix for that specific version, and delivers a signed, validated patch with contractual SLAs. No upgrade required. No recertification of production environments. You keep running what you're running, and the holes get plugged.
IBM is throwing 20,000 engineers at this. They're using two recently launched tools — IBM Bob, an agentic AI development platform that spans the entire software lifecycle, and Concert Secure Coder, which detects vulnerabilities in real time as developers write code. IBM itself is actively involved in more than 61,700 open-source packages, with deep lifecycle management expertise across over 10,600 of them, including Linux, Java, Kubernetes, Kafka, Ansible and Terraform.
The design partners launching the service are all financial institutions: Bank of America, BNY Mellon, Citi, Goldman Sachs, JPMorgan Chase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa and Wells Fargo. Makes sense — these are the organizations that can't afford to break production, but also can't afford to run unpatched dependencies.
The Mythos Catalyst and the Export-Control Whiplash
You can't talk about Lightwell without talking about what triggered it. Anthropic's Project Glasswing — a coordinated defense initiative launched in April with 50 partners including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks — uses Mythos to scan open-source software for vulnerabilities.
Days after IBM announced Lightwell, Anthropic said Glasswing had expanded to 150 organizations, including those supplying critical infrastructure across power, water, healthcare, communications and hardware. The scale of this is hard to overstate.
Then things got weird. On June 9, Anthropic released Claude Fable 5 — the first publicly available Mythos-class model — alongside an updated Claude Mythos 5 for vetted Glasswing partners. Both models carry safeguards that block responses to specific high-risk cybersecurity queries, defaulting to the less capable Claude Opus 4.8 in those cases.
Three days later, on June 12, the Commerce Department's Bureau of Industry and Security issued an emergency export-control directive ordering Anthropic to block all access to Fable 5 and Mythos 5 for foreign nationals, including its own non-U.S. employees. Lacking a reliable way to filter users by nationality in real time, Anthropic shut down both models globally within 90 minutes.
The Commerce Department later cleared Mythos 5 for limited redeployment and this week lifted the restrictions entirely. But that episode exposed something uncomfortable: frontier AI models capable of finding vulnerabilities at this scale are now subject to geopolitical control, and the infrastructure for enforcing those controls doesn't really exist yet.
The Efficiency Argument Nobody Can Ignore
Dan Lorenc, co-founder and CEO of Chainguard and a former Google engineer who led its software supply chain security initiatives, didn't hold back. On LinkedIn, he ridiculed IBM's $5 billion investment and 20,000-engineer commitment. His counter-proposal: earmark $50,000 and 100 engineers. Save open source from Mythos.
Despite the sarcasm, Lorenc added: "Seriously, it is great to see IBM do something here too."
IDC's Katie Norton pointed out that Lightwell is a late entrant into a market that's been developing for years. Tidelift, founded in 2017, built a managed open-source subscription that paid independent maintainers directly to implement security standards and coordinate vulnerability disclosure. Sonar acquired Tidelift in December 2024. The market now also includes Seal Security, ActiveState, Endor Labs and Chainguard — all offering production-deployed remediation capabilities.
"Lightwell brings scale and regulated-industry credibility," Norton said. "It does not bring a novel model."
Omdia's Melinda Marks acknowledged the merit in both approaches but noted the tension: "It does raise questions about how well IBM can address this, even with such a large investment, given that AI makes it possible to make a strong impact with fewer dollars and people."
The efficiency argument is fair. But here's the thing Lorenc might be underestimating: regulated industries don't just need vulnerability fixes. They need contractual SLAs, audit trails, compliance documentation and the institutional credibility that comes from having a company with 80 years of enterprise relationships standing behind the patch.
The Missing watsonx Question
Here's something odd: the Lightwell announcement makes no mention of watsonx, IBM's flagship enterprise AI platform. When asked whether Watson or watsonx plays any role in the service, IBM declined to say.
"IBM has positioned watsonx as the enterprise AI layer across its portfolio, so not confirming its role in a flagship AI-driven security initiative is notable," Norton said. "It possibly suggests the AI architecture supporting vulnerability discovery may include frontier models outside IBM's own stack — though it could simply reflect a choice to keep focus on the operational model rather than the AI infrastructure."
That's a fair read. If IBM is leveraging Anthropic's Mythos-class models for vulnerability discovery (which would make sense given the Glasswing partnership), then watsonx might not be in the picture at all. Or it could be handling orchestration and policy layers underneath. Either way, the silence is deliberate and worth watching.
Structural Limits: Why Five Billion Doesn't Solve Everything
Cassie Crossley, co-founder and CEO of VulNow and author of O'Reilly's Software Supply Chain Security, laid out the structural problem that no amount of funding fully resolves. Both Lightwell and Chainguard plan to remediate vulnerabilities for customers and contribute fixes back to open-source maintainers through coordinated disclosure. That's the right approach.
But most open-source maintainers have limited availability. Getting those fixes merged into the main branches that most developers actually pull from takes time. In the meantime, the majority of consumers of those packages remain exposed and unaware.
Crossley pointed to the recent compromise in the widely used Axios JavaScript NPM package as a case in point. Between the time a vulnerability fix was confirmed and the CVE was publicly disclosed — 154 days later — the vulnerable package was downloaded 2.2 billion times. None of those downloads were covered by any commercial remediation pipeline.
Further, while IBM projects 59,000 CVEs in 2026, Crossley estimates roughly 500,000 security vulnerabilities are quietly fixed by open-source maintainers each year without ever receiving a formal CVE designation. "Frontier AI models can chain those undisclosed low- and medium-severity fixes into novel exploits," she said. "The invisible vulnerability universe is not just a transparency gap — it's a latent attack surface."
Hellekson maintains that Lightwell patches will be released simultaneously to upstream communities and participants. "Everyone in the open-source community will benefit from this work," he said.
Whether that actually closes the gap — or just moves the needle a few percentage points on an already unwieldy problem — remains to be seen. Five billion dollars is a lot. But the vulnerability surface area is growing faster than any single initiative, no matter how well-funded, can fully address.