
Dubbed “Project Lightwell” and valued at US$5 billion by IBM in a statement, the scheme follows reports of the powerful capabilities of recent AI models in discovering and exploiting holes in computer security.
A subscription service, Lightwell would use “advanced AI capabilities to validate and test fixes across an unprecedented volume of open source code,” IBM said.
Silicon Valley AI developer Anthropic “recently reported that its Mythos Preview model identified nearly 3,900 high- or critical-severity vulnerabilities in open source software alone,” IBM noted.
Saying it was concerned about the model’s offensive cyber capabilities, Anthropic has released Mythos to a limited set of partners rather than the general public, aiming to secure a head start on fixing vulnerabilities it found.
Open source software such as the Linux operating system, Red Hat’s speciality, is deeply embedded in much of the internet’s infrastructure, as well as in critical sectors like government and finance.
“Early adopters of Lightwell included Bank of America, JPMorganChase and Visa,” IBM said.
It said Lightwell would give clients access to IBM’s “more than 20,000 engineers, augmented by advanced AI capabilities”.
Clients would join a “clearinghouse” through which they could report, fix and share details of security problems in their systems, allowing their experience to benefit other users of similar set-ups.
“This model allows enterprises to engage IBM and Red Hat to resolve critical security issues immediately while strengthening open source overall,” IBM said.