Home » Emerging Technologies » Cyber Security » IBM, Red Hat Launch Lightwell for Open Source Security
News Desk -

Share

IBM and Red Hat have officially launched Lightwell, introducing new commercial offerings designed to strengthen open source security through automated vulnerability remediation at scale. The launch includes Lightwell Network and Lightwell Clearinghouse Premier, helping enterprises reduce open source risk without requiring disruptive software upgrades.

The announcement follows IBM and Red Hat’s $5 billion commitment to open source security made in May 2026. The initiative is supported by more than 20,000 engineers who will oversee and expand Lightwell’s AI driven remediation capabilities.

Lightwell Network is now generally available. It provides enterprises with access to more than 6,500 remediated, digitally signed and certified application layer dependencies across major software ecosystems, including Java and Python.

Meanwhile, Lightwell Clearinghouse Premier has entered a limited availability phase. It is designed to act as a trusted intermediary for secure patch embargoes and industry wide threat coordination, initially serving financial services organizations.

According to IBM and Red Hat, Lightwell builds on Red Hat’s long established enterprise security model. The platform extends protection beyond operating systems by securing the open source software packages organizations already use in production.

To support this, Lightwell relies on a high throughput generative AI powered remediation engine that is already operating at scale. The automated pipeline combines frontier and open AI models with human engineering expertise to identify, validate and remediate vulnerabilities across software dependencies embedded deep within enterprise applications.

In addition, the platform aims to eliminate the challenges organizations face when applying security updates. Rather than forcing major software upgrades, Lightwell backports critical security fixes directly to long term production versions. This approach helps reduce regression testing, avoids breaking changes and allows enterprises to maintain stable production environments.

IBM and Red Hat expect the catalog of remediated software packages to grow rapidly from thousands to millions through the platform’s AI powered automation.

Lightwell is available through two commercial offerings.

Lightwell Network provides access to a growing library of remediated software packages, covering both modern and legacy libraries. Customers receive digitally signed binaries, source code and compliance artifacts, including complete Software Bills of Materials (SBOMs), which integrate directly into existing development pipelines without introducing code drift.

Lightwell Clearinghouse Premier supports deeper industry collaboration through secure vulnerability submissions, targeted version remediation and coordinated patch embargoes. Although initially limited to financial services, IBM and Red Hat plan to expand the platform to government, healthcare and telecommunications sectors in future phases. Commercial access remains restricted to qualified organizations because of the legal, geographic and disclosure requirements associated with sector specific clearinghouse networks.

The companies also said Lightwell follows Red Hat’s upstream first development model. Security fixes are contributed back to the original open source communities for review and acceptance, helping maintain project health while protecting production environments from security risks.

Scott DePasquale, President and CEO of ARC, said no single institution can keep pace with the growing volume and complexity of open source vulnerabilities. He added that collaboration across the financial sector has consistently strengthened resilience against shared security challenges, and coordinated remediation initiatives have the potential to improve security across the industry.

Matt Hicks, President and CEO of Red Hat, said Lightwell represents a structural change in securing enterprise software. He said the combination of automated remediation and Red Hat’s engineering expertise aims to deliver the trusted infrastructure organizations need to consume open source software reliably and at AI speed.

Rob Thomas, Senior Vice President, Software and Chief Commercial Officer at IBM, said IBM and Red Hat are providing certified fixes that enterprises can integrate directly into existing systems without disruption. He added that the platform combines large scale engineering expertise with AI systems working continuously to secure the open source software used by enterprises worldwide.

Jerry Silva, Program Vice President for IDC Financial Insights, said heavily regulated industries such as financial services place significant emphasis on secure open source software. He noted that the collaboration between IBM and Red Hat under the Lightwell initiative will strengthen security and resilience for organizations globally.

IBM and Red Hat highlighted the growing scale of the challenge. They said open source software now accounts for up to 90 percent of enterprise codebases and generated 9.8 trillion downloads during 2025. At the same time, AI generated exploits and the growing number of software vulnerabilities have increased pressure on traditional patch management approaches. The companies said enterprise codebases now average 581 vulnerabilities, making automated remediation increasingly important.

To address these challenges, Lightwell evaluates application context and dependency interactions before delivering validated security fixes directly into enterprise workflows.

The platform is also supported by a growing partner ecosystem spanning AI models, development tools and enterprise infrastructure.

Technology partners collaborating on Lightwell include Amazon Web Services, AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks and ServiceNow. Together, these companies help extend security updates across cloud environments, applications and deployment pipelines.

Customers can also work with deployment and consulting partners including IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and risk consulting teams, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Services and Tech Mahindra. These organizations assist enterprises with SBOM mapping, version management, registry integration and pipeline readiness for AI driven security threats.

With Lightwell, IBM and Red Hat aim to strengthen open source security by combining AI powered remediation, trusted engineering expertise and an expanding global partner ecosystem to help enterprises secure software at scale.