Project Lightwell brings open source security into the AI era

Open source software powers more than 90% of Fortune 500 companies. It also powers a growing number of cyberattacks.

This week on Security Intelligence, we dig into IBM and Red Hat's $5 billion answer to that problem: Project Lightwell, a massive investment in AI-augmented engineers and a trusted security clearinghouse designed to shore up the open source ecosystem from the inside out.

We also break down SymJack, a clever new attack technique that turns AI coding agents against themselves by tricking them into overwriting their own configuration files. And the most worrisome part is how it gets around human-in-the-loop checks.

And: LayerX's "State of AI Usage Report 2026" shows AI adoption isn't spreading evenly across organizations. We explore what it means for cybersecurity pros when AI fragments throughout the software supply chain while simultaneously concentrating in the hands of a few power users.

Segments:

00:00 - Intro
1:05 - Project Lightwell
12:51 - SymJack
26:11 - AI usage in 2026

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence