11:00:20 EDT Wed 08 Jul 2026
Enter Symbol
or Name
USA
CA



IBM and Red Hat Expand Lightwell with New Offerings to Build the Trust Infrastructure for AI-Era Open Source

2026-07-08 09:00 ET - News Release

Developed with leading global financial institutions and backed by a growing partner ecosystem, the new Lightwell offerings help enterprises mitigate open source risk without disruptive upgrades


Company Website: https://www.redhat.com
RALEIGH, N.C. & ARMONK, N.Y. -- (Business Wire)

IBM (NYSE:IBM) and Red Hat today announced the commercial launch of Lightwell, delivering automated vulnerability remediation at scale through two offerings: Lightwell Network and Lightwell Clearinghouse Premier. Available now, Lightwell Network gives enterprises access to a launch catalog of 6,500+ remediated, digitally signed, and certified application-layer dependencies across major ecosystems, including Java and Python. Lightwell Clearinghouse Premier enters a limited-availability phase, serving as a trusted intermediary for secured patch embargoes and vertical threat coordination.

Today's launch builds on the $5 billion commitment to open source security that IBM and Red Hat announced in May 2026, backed by a global force of more than 20,000 engineers to oversee and scale Lightwell's advanced, AI-driven remediation capabilities. Lightwell’s rollout scales a model built on decades of trust, in which Red Hat has secured critical systems for thousands of customers, with millions of core product downloads and an immeasurable number of patches, bug fixes, and community contributions. It also reflects the rapid momentum and active collaboration with design partners from financial services industry leaders who view Lightwell as critical to solving this industry issue, recognizing that Red Hat and IBM are uniquely equipped to deliver the required open source engineering expertise and scale. Lightwell now extends that proven enterprise protection to an organization's open source software portfolio.

To deliver this trust infrastructure, Lightwell leverages the high-throughput capability of a generative AI-powered remediation engine that is already live and operating at scale. This advanced, AI-driven automation pipeline combines frontier and open AI models with human engineering expertise to identify, validate, and remediate vulnerabilities across critical dependencies embedded deep within modern software architectures.

Lightwell removes the friction between rapid innovation and enterprise compliance by securing the specific software packages organizations run in active production today, while establishing a stable platform for future applications. To break the dependency remediation deadlock, Lightwell uses automation to backport critical fixes directly to specific, long-lived production software versions, helping address lengthy regression testing and breaking changes that often paralyze teams forced to adopt major upstream upgrades. Backed by its AI-powered remediation engine, Red Hat and IBM expect Lightwell’s catalog of remediated packages to scale rapidly from thousands to millions.

Red Hat and IBM are delivering these capabilities through two offerings:

  • Lightwell Network: Generally available now, providing immediate access to an active and growing library of content spanning latest to legacy libraries with high-value remediations. Members receive a continuous stream of digitally signed binaries, source code, and comprehensive compliance artifacts, including complete Software Bills of Materials (SBOMs), delivered directly into existing pipelines without code drift.

  • Lightwell Clearinghouse Premier: Entering a limited-availability commercial onboarding phase, this tier is designed to serve as a trusted intermediary for deep industry collaboration, advanced vertical threat coordination, and secured patch embargoes. Participating organizations can submit vulnerabilities and request targeted version remediation under an embargo window. While the platform’s initial launch is limited to the financial services industry, Red Hat and IBM plan to expand Lightwell Clearinghouse Premier to additional critical infrastructure verticals, including government, healthcare, and telecommunications, in future phases. Due to the highly specialized legal, geographic, and disclosure frameworks required to operate sector-specific clearinghouse networks, commercial entry remains gated to qualified participating organizations.

Lightwell operates under Red Hat’s proven upstream-always model, in which security fixes are actively submitted back to the originating open source community for review and acceptance. This ensures commercial protections and community health continually reinforce one another, preventing project fragmentation without risking in-production zero days.

"No single institution can keep pace with the growing scale and complexity of open source vulnerabilities alone,” said Scott DePasquale, President and CEO, ARC. “The financial sector has long demonstrated the value of collaboration in addressing shared security challenges, and initiatives that enable coordinated remediation have the potential to strengthen resilience across the industry.”

“Lightwell represents a fundamental structural shift in how we secure all enterprise software,” said Matt Hicks, President and CEO, Red Hat. “By pairing automated remediation with our deep engineering heritage, we aim to deliver the trusted infrastructure required to consume open source reliably, sustainably, and at AI speeds.”

"IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners," said Rob Thomas, Senior Vice President, Software & Chief Commercial Officer, IBM. "Making that possible takes scale most organizations don't have, a world-class team of engineers and AI systems working around the clock to protect the open source software the world's enterprises run on."

"Heavily regulated industries such as financial services have the highest cost of compliance, meaning that they take security extremely seriously, especially in its use of open source software,” said Jerry Silva, Program Vice President for IDC Financial Insights. “The partnership bringing Red Hat and IBM together under the Lightwell banner to identify, triage, and remediate vulnerabilities will bolster the security and resiliency posture of these organizations globally, ensuring the trust that is the hallmark of the services they provide."

With open source comprising up to 90% of enterprise codebases and driving 9.8 trillion downloads in 20251 alone, massive volume and $50 AI-generated exploits2 have broken traditional patch management, leaving codebases with an average of 581 vulnerabilities3. Lightwell is designed to mitigate this unmapped risk and neutralize execution bottlenecks by evaluating application context and dependency interactions to deliver validated fixes directly into active workflows.

Safeguarding the open source software supply chain requires an open, diverse ecosystem spanning AI models, development tools, and enterprise infrastructure. Lightwell is extended by a robust and growing network of technology and deployment partners. By collaborating with these industry leaders, Lightwell delivers a true orchestrated defense, enabling network rules, cloud environments, and deployment pipelines to be updated simultaneously across the entire enterprise fabric when a fix is ready.

  • Technology providers: Industry leaders like Amazon Web Services (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow are collaborating with IBM and Red Hat on Lightwell. This growing ecosystem ensures that Lightwell’s security fixes extend across diverse environments, protecting a wide array of existing tools, applications, and services without disruption.

  • Deployment & strategy services: To accelerate adoption, customers can leverage world-class systems integration and strategic deployment services through engagements with IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and risk consulting teams, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Services (TCS), and Tech Mahindra. These organizations help enterprise customers map SBOMs, manage version mapping, ingest Lightwell registries, and evaluate pipelines to enable preparedness for AI-velocity vulnerabilities.

Learn more about Lightwell at https://www.ibm.com/products/lightwell and https://www.redhat.com/en/lightwell

1 https://www.sonatype.com/state-of-the-software-supply-chain/introduction

2 https://www.anthropic.com/research/mythos-preview

3 https://www.blackduck.com/resources/analyst-reports/open-source-security-risk-analysis.html

Supporting Quotes

Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM Consulting

"Lightwell introduces a new model for addressing software supply chain risk through rapid validation and trusted remediation. IBM Consulting is helping enterprises build on that foundation by expanding our services to help organizations prepare for Lightwell and create an operating model that makes cyber operations more continuous and adaptive, rather than reactive.”

Kevin Sherry, Global Vice President, Services, Red Hat

“Closing the vulnerability gap from discovery to remediation requires a combination of automation, expertise, and technology. Red Hat Consulting has over 20 years of open source development and knowledge and, together with our Security Technical Account Management (TAM) offering, provides the Lightwell foundation for proactively supporting our customers’ defense posture and remediation processes. Working with our ecosystem, we partner to accelerate, streamline and secure our customers’ entire operational lifecycle.”

Harpreet Sidhu, Global Cybersecurity Lead, Accenture

"Securing the open source software supply chain has become a complex operational challenge, particularly in heavily-regulated industries where the cost of disruption is high. Lightwell can help organizations maintain stability in production environments without forcing organizations into disruptive upgrade cycles. Combined with Accenture's deep cybersecurity and large-scale enterprise transformation expertise, we're better positioned to help clients move faster and with greater confidence, without trading cybersecurity for agility."

Philip Guido, Executive Vice President and Chief Commercial Officer, AMD

“As enterprises and the financial sector move AI into full production, trust in the open source software supply chain becomes essential to innovation. AMD is proud to work with Red Hat and IBM to advance open source, standards-based technologies that give customers choice and confidence. Lightwell, along with the AMD enterprise and AI portfolio of solutions, can help to reduce software risk and power the scale, efficiency and flexibility customers need to accelerate their AI adoption.”

Michael Kollar, Executive Vice President and Head of Cloud & Modern Infrastructure, Atos

"As organizations accelerate their adoption of open source, maintaining control of the software supply chain has become a critical element of digital sovereignty. We welcome innovations such as Lightwell from IBM and Red Hat, which help strengthen trust in open source ecosystems. Atos combines cybersecurity leadership, sovereign digital expertise, and deep open source experience to help customers securely operationalize these capabilities at enterprise scale.”

Vishal Salvi, Global Head of Cybersecurity Service Line, Cognizant

"In today's interconnected landscape, the sheer scale of unaddressed vulnerabilities across the open source supply chain has become a real threat to business continuity, with unsecured code already sitting in production. Through Red Hat and IBM's Lightwell, Cognizant helps organizations address this systematic challenge through refactoring and remediation of core code. We aim to provide clients with enhanced visibility they need to map SBOMs, support the adoption of critical fixes, and assist organizations as they modernize their core systems more efficiently and with greater confidence.”

Adnan Amjad, U.S. Cyber leader, Deloitte

"As AI accelerates both the pace of software development and the sophistication of threats, enterprises are grappling with unprecedented open source software risk. Securing this ecosystem requires automated remediation at scale. Through Deloitte’s alliance with IBM and Red Hat, together we’re helping organizations strategically deploy Lightwell’s capabilities to secure their software supply chains to remediate vulnerabilities without sacrificing speed or operational continuity."

Michael Montoya, Chief Technology Operations Officer, F5

“The attack capabilities of frontier AI models have inverted traditional software patching windows. Ecosystem collaboration across highly regulated industries such as financial services provides tangible blueprints for enterprise cybersecurity going forward. With a shared emphasis on real-time remediation and runtime security, F5 is proud to align with IBM and Red Hat’s Lightwell to secure modern multicloud architectures relying on a blend of open source and vendor-specific deployments.”

Kalyan Kumar, President, HCLSoftware

"Securing the AI era requires that every layer of the software stack, from open source dependencies to running production endpoints, is remediated continuously with no tolerance for drift and no disruptive upgrade cycles. Lightwell closes the package-level gap at exactly the right moment in the supply chain. HCLSoftware closes it at the application and endpoint layers through AppScan, BigFix Remediate, and HCL DevOps Loop, with AIForce adding the much-needed intelligence to prioritize and act at pipeline speed. Integration with IBM Concert ensures that security signals and remediation actions flow into a unified operational view across the stack. This ecosystem model is how enterprises build resilience that compounds over time, not just security coverage that decays."

Bill Pearson, Vice President of Data Center and AI Software, Intel

“As AI accelerates the scale of software development, it also accelerates cyber risk. As a foundational contributor to the Linux kernel – and an advocate for open-source innovation – for more than three decades, Intel believes that securing the modern software supply chain requires a holistic approach that connects silicon-level trust with robust, community-driven code. IBM and Red Hat’s Lightwell helps to address this industry-wide need, and align to Intel’s commitment to secure the modern, digital infrastructure that enterprises rely on every day.”

Gal Marder, Chief Strategy Officer, JFrog

"We have entered an era of adversarial symmetry. The good guys are innovating rapidly, but bad actors are moving just as fast. Today's AI models are finding gaps far faster than most organizations can patch them, leaving enterprises highly vulnerable to attack. To survive this unprecedented threat environment, organizations must automate security at a completely different pace and scale. We’re thrilled to collaborate with IBM and Red Hat on Lightwell as we help companies identify and remediate issues, then operationalize open source patching at scale. As the definitive system of record and trust layer, JFrog delivers the automated controls needed to ensure real protection keeps pace with AI-accelerated threats."

Paul Savill, Global Practice Leader, Cyber Resilience & Connectivity, Kyndryl

"Addressing open-source software supply chain risk at enterprise scale is a priority for customers across industries. Kyndryl is committed to helping organizations mitigate risk by integrating advanced AI and automation capabilities into their development and operations workflows, enabling faster remediation and greater confidence in the software that powers their business.”

Chandan Pani, Chief Information Security Officer, LTM

“As enterprises scale AI adoption, securing open-source software has become critical to maintaining trust, resilience, and development velocity. Through our partnership with IBM and as part of Lightwell, LTM is helping customers strengthen software supply chain security with trusted, automated remediation at scale—enabling them to innovate faster while reducing risk across their development environments.”

Sandy Gupta, Vice President, Partner Development ISV, Microsoft

"Speed in delivering patches to customers is critical. We’re already working together with IBM and Red Hat as part of the Linux Foundation's Akrites effort and now extending that collaboration to Lightwell to ensure critical fixes reach customers as quickly as possible using the fastest delivery mechanisms and tools."

Justin Boitano, Vice President, Enterprise AI Platforms, NVIDIA

“The future of cyber defense cannot be a black box. Defenders need an open ecosystem that combines leading models with open harnesses, giving them the context, customization, and speed to close vulnerabilities before adversaries can exploit them. NVIDIA is working with Red Hat, IBM, and the broader ecosystem to bring these advancements to Lightwell, helping organizations close the gap between vulnerability detection and remediation at agent speed.”

Anand Oswal, Executive Vice President of AI & Network Security, Palo Alto Networks

"We are proud to collaborate with IBM and Red Hat on the general availability of Lightwell. By integrating their automated remediation engine with Palo Alto Networks virtual patching capabilities, we deliver network-level protection across our customers' critical control points through our platformization strategy. This delivers robust, autonomous protection without the risk of breaking production workflows.”

Sanjeev Mehrotra, Global Head - Cyber Security & Risk Management, Tech Mahindra

"As AI accelerates software development, open source has become the foundation of enterprise innovation, making software supply chain security more critical than ever. Organizations today face the challenge of securing increasingly complex dependency ecosystems while maintaining development velocity and operational resilience. Our collaboration with IBM and Red Hat on Lightwell reinforces Tech Mahindra’s commitment to helping enterprises strengthen software supply chain security and confidently operationalize trusted open source at scale. By combining our deep engineering expertise with strong integration and deployment capabilities, we are enabling customers to embed automated, secure, and resilient software delivery practices into their existing development environments."

Statements regarding IBM's and Red Hat’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

About IBM

IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. Visit www.ibm.com for more information.

About Red Hat

Red Hat is the open hybrid cloud technology leader, delivering a trusted, consistent and comprehensive foundation for transformative IT innovation and AI applications. Its portfolio of cloud, developer, AI, Linux, automation and application platform technologies enables any application, anywhere—from the datacenter to the edge. As the world's leading provider of enterprise open source software solutions, Red Hat invests in open ecosystems and communities to solve tomorrow's IT challenges. Collaborating with partners and customers, Red Hat helps them build, connect, automate, secure and manage their IT environments, supported by consulting services and award-winning training and certification offerings.

Contacts:

Media Contacts
IBM Media Contact: Michele Brancati, mbrancati@ibm.com
Red Hat Media Contact: John Terrill, jterrill@redhat.com

Source: Red Hat, Inc.

© 2026 Canjex Publishing Ltd. All rights reserved.