- Cybersecurity Docket
IBM and Red Hat Commit $5B to Secure Software Supply Chains
Plus, Carnival Corporation confirmed April data breach impacted six million people.

Good morning! Here’s what’s up.

People
The Cybersecurity and Infrastructure Security Agency has appointed Ryan Donaghy as CISA’s first chief operating officer. Donaghy previously served as assistant director for CISA's Stakeholder Engagement Division (SED).

Clips ✂️
IBM and Red Hat Commit $5 Billion to Secure Software Supply Chains
International Business Machines and Red Hat have committed $5 billion to establish a new model for open-source software, aiming to secure software supply chains for enterprises.
Under the new project, dubbed Project Lightwell, the companies said Thursday they will deploy a global force of 20,000 engineers, supported by advanced artificial intelligence, to establish a trusted enterprise clearinghouse.
The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to identify, test and fix security vulnerabilities across massive volumes of open-source code.
The capabilities will be available through commercial subscriptions, allowing enterprises to report bugs within open-source frameworks and receive validated, production-ready patches that can be directly integrated into their software supply chains.
…
IBM and Red Hat added they have already begun collaborating with a select group of early adopters on Project Lightwell, including Bank of America, Citi, Goldman Sachs, Morgan Stanley, Visa and Wells Fargo.
Carnival Cruise confirms data breach affecting nearly 6 million people
Carnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026.
…
The company started notifying 5,995,277 customers on Wednesday that threat actors stole their data in an April 10 breach after gaining access to some of its IT systems in a social engineering attack.
"On April 14, 2026, the Company's IT security team identified unauthorized activity involving an employee's account. An unauthorized actor used social engineering to deceive an employee to gain access to a limited portion of the Company's IT system," the company said in data breach notification letters sent to affected individuals.
"The Company acted swiftly to block the unauthorized activity and immediately began working with third party security experts to further strengthen our security and to conduct a thorough investigation. On April 22, 2026, the Company first determined that the bad actor illegally copied personal information."
ECB tells banks to invest more to get a grip on AI security risk
Euro zone banks need to invest more in cybersecurity if they are to get a grip on new AI models that can find flaws in software, the European Central Bank's outgoing Vice President Luis de Guindos said on Wednesday.
New large language models such as Anthropic's Mythos are viewed by cybersecurity experts as posing significant challenges to the banking industry and its legacy technology systems, prompting a series of warnings from regulators and policymakers around the world.
The ECB has been quizzing euro zone banks about their preparedness for weeks, including at a meeting this week, and de Guindos said the sector needed to reach deeper into its pockets to strengthen its defences against cyberattacks powered by AI.
"We have to understand much better the potential implications of these new models and to try to put in place the systems and cybersecurity patches that can address that situation," de Guindos, whose term runs out at the end of the month, told reporters.
UK faces ‘moment of consequence,’ as GCHQ advances AI-driven cyber defence against hybrid threats
The head of the British intelligence and cybersecurity agency warned that the U.K. is facing a ‘moment of consequence’ as adversaries escalate hybrid operations and global technological competition accelerates. She said the world has entered a ‘new era of radical uncertainty, contested geopolitics and rapidly changing technology,’ with Russia in particular ‘relentlessly targeting critical infrastructure, democratic processes, supply chains and public trust’ across the U.K. and Europe.
Anne Keast-Butler, director of the GCHQ (Government Communications Headquarters), said in her GCHQ Annual Lecture at Bletchley Park that the speed of advances in AI (artificial intelligence), quantum computing, and space technologies is creating a ‘narrowing window’ for the U.K. and its allies to maintain strategic advantage. She warned that the ‘risk of miscalculation is as high as I’ve ever seen it,’ and called for cybersecurity to become ‘ten times more urgent’ across government, industry, and society.
Fried Frank Bets on AI to Streamline Private Equity Funds Group
Fried Frank is rolling out a new, internally-built artificial intelligence platform it says will streamline its practice advising private equity funds and may provide a strategic advantage through client collaboration and cost savings.
The tool, dubbed FundAssist, uses OpenAI’s latest models to pore through Fried Frank lawyers’ previous work, pinpoint client-preferred language, and return the most relevant precedents. The tool will allow clients to query their own documents. The goal is to generate the first draft of long-form fund formation documents with the click of a button.
Clients and the firm succeed if the clients can get answers from the tool while turning to Fried Frank’s lawyers for “trusted adviser service,” said Becky Zelenka, co-head of the private funds group, who spearheaded the development of the technology. The firm hasn’t decided on how to price the tool yet; it is focused on getting clients to work with it to determine its value.
Princeton CorpGov Forum Puts AI And Cybersecurity Risk At The Center Of Boardroom Strategy
CorpGov hosted the second Princeton CorpGov Forum on May 21, 2026, at The Nassau Inn in Princeton, New Jersey, bringing together industry leaders and alumni spanning five decades at the university.
…
A key panel focused on AI and cybersecurity in the boardroom, featuring Kevin McLaughlin, Vice President of Brand and Corporate Marketing at Dataiku, alongside Patrick A. Westerhaus, Partner of Cyber Risk Services at EisnerAmper.
Michael W. Robinson, Chairman and CEO of The Montgomery Strategies Group, also joined the panel as a featured speaker on the growing intersection of technology and corporate governance.
Panelists noted that boards are heavily funding AI and cybersecurity despite a limited understanding of the technologies and the risks they present.
Speakers warned that AI is making cybercrime easier, increasing threats including ransomware, fraud, deepfakes, and social engineering attacks against companies of all sizes.
