Breaking News

IBM and Red Hat Expand Lightwell with New Offerings to Build the Trust Infrastructure for AI-Era Open Source

https://ift.tt/5cxQHdf

RALEIGH, N.C. and ARMONK, N.Y. —  IBM and Red Hat today announced the commercial launch of Lightwell, delivering automated vulnerability remediation at scale through two offerings: Lightwell Network and Lightwell Clearinghouse Premier.

Available now, Lightwell Network gives enterprises access to a launch catalog of 6,500+ remediated, digitally signed, and certified application-layer dependencies across major ecosystems, including Java and Python.

Lightwell Clearinghouse Premier enters a limited-availability phase, serving as a trusted intermediary for secured patch embargoes and vertical threat coordination. Today’s launch builds on the $5 billion commitment to open source security that IBM and Red Hat announced in May 2026, backed by a global force of more than 20,000 engineers to oversee and scale Lightwell’s advanced, AI-driven remediation capabilities.

Lightwell’s rollout scales a model built on decades of trust, in which Red Hat has secured critical systems for thousands of customers, with millions of core product downloads and an immeasurable number of patches, bug fixes, and community contributions. It also reflects the rapid momentum and active collaboration with design partners from financial services industry leaders who view Lightwell as critical to solving this industry issue, recognizing that Red Hat and IBM are uniquely equipped to deliver the required open source engineering expertise and scale. Lightwell now extends that proven enterprise protection to an organization’s open source software portfolio.

To deliver this trust infrastructure, Lightwell leverages the high-throughput capability of a generative AI-powered remediation engine that is already live and operating at scale. This advanced, AI-driven automation pipeline combines frontier and open AI models with human engineering expertise to identify, validate, and remediate vulnerabilities across critical dependencies embedded deep within modern software architectures.

Lightwell removes the friction between rapid innovation and enterprise compliance by securing the specific software packages organizations run in active production today, while establishing a stable platform for future applications. To break the dependency remediation deadlock, Lightwell uses automation to backport critical fixes directly to specific, long-lived production software versions, helping address lengthy regression testing and breaking changes that often paralyze teams forced to adopt major upstream upgrades.

Backed by its AI-powered remediation engine, Red Hat and IBM expect Lightwell’s catalog of remediated packages to scale rapidly from thousands to millions.

Red Hat and IBM are delivering these capabilities through two offerings:

● Lightwell Network: Generally available now, providing immediate access to an active and growing library of content spanning latest to legacy libraries with high-value remediations. Members receive a continuous stream of digitally signed binaries, source code, and comprehensive compliance artifacts, including complete Software Bills of Materials (SBOMs), delivered directly into existing pipelines without code drift.
● Lightwell Clearinghouse Premier: Entering a limited-availability commercial onboarding phase, this tier is designed to serve as a trusted intermediary for deep industry collaboration, advanced vertical threat coordination, and secured patch embargoes.

Participating organizations can submit vulnerabilities and request targeted version remediation under an embargo window. While the platform’s initial launch is limited to the financial services industry, Red Hat and IBM plan to expand Lightwell Clearinghouse Premier to additional critical infrastructure verticals, including government, healthcare, and telecommunications, in future phases. Due to the highly specialized legal, geographic, and disclosure frameworks required to operate sector-specific clearinghouse networks, commercial entry remains gated to qualified participating organizations.

Lightwell operates under Red Hat’s proven upstream-always model, in which security fixes are actively submitted back to the originating open source community for review and acceptance. This ensures commercial protections and community health continually reinforce one another, preventing project fragmentation without risking in-production zero days.

“No single institution can keep pace with the growing scale and complexity of open source vulnerabilities alone,” said Scott DePasquale, President and CEO, ARC. “The financial sector has long demonstrated the value of collaboration in addressing shared security challenges, and initiatives that enable coordinated remediation have the potential to strengthen resilience across the industry.”

“Lightwell represents a fundamental structural shift in how we secure all enterprise software,” said Matt Hicks, President and CEO, Red Hat. “By pairing automated remediation with our deep engineering heritage, we aim to deliver the trusted infrastructure required to consume open source reliably, sustainably, and at AI speeds.”

“IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners,” said Rob Thomas, Senior Vice President, Software & Chief Commercial Officer, IBM. “Making that possible takes scale most organizations don’t have, a world-class team of engineers and AI systems working around the clock to protect the open source software the world’s enterprises run on.”

“Heavily regulated industries such as financial services have the highest cost of compliance, meaning that they take security extremely seriously, especially in its use of open source software,” said Jerry Silva, Program Vice President for IDC Financial Insights. “The partnership bringing Red Hat and IBM together under the Lightwell banner to identify, triage, and remediate vulnerabilities will bolster the security and resiliency posture of these organizations globally, ensuring the trust that is the hallmark of the services they provide.”

With open source comprising up to 90% of enterprise codebases and driving 9.8 trillion downloads in 2025 alone, massive volume and $50 AI-generated exploits have broken traditional patch management, leaving codebases with an average of 581 vulnerabilities. Lightwell is designed to mitigate this unmapped risk and neutralize execution bottlenecks by evaluating application context and dependency interactions to deliver validated fixes directly into active workflows.

Safeguarding the open source software supply chain requires an open, diverse ecosystem spanning AI models, development tools, and enterprise infrastructure. Lightwell is extended by a robust and growing network of technology and deployment partners. By collaborating with these industry leaders, Lightwell delivers a true orchestrated defense, enabling network rules, cloud environments, and deployment pipelines to be updated simultaneously across the entire enterprise fabric when a fix is ready.

● Technology providers: Industry leaders like Amazon Web Services (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow are collaborating with IBM and Red Hat on Lightwell. This growing ecosystem ensures that Lightwell’s security fixes extend across diverse environments, protecting a wide array of existing tools, applications, and services without disruption.
● Deployment & strategy services: To accelerate adoption, customers can leverage world-class systems integration and strategic deployment services through engagements with IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and risk consulting teams, HCLTech, Infosys, LTM, NTT DATA and Tata Consultancy Services (TCS).

These organizations help enterprise customers map SBOMs, manage version mapping, ingest Lightwell registries, and evaluate pipelines to enable preparedness for AI-velocity vulnerabilities.

Learn more about Lightwell at https://ift.tt/C4xQ2S6 and https://ift.tt/F1aQwcX

The post IBM and Red Hat Expand Lightwell with New Offerings to Build the Trust Infrastructure for AI-Era Open Source appeared first on SD Times.



Tech Developers

No comments