IBM and Red Hat today announced IBM Lightwell, two commercial offerings that strengthen AI open source security with automated vulnerability remediation. Lightwell Network and Lightwell Clearinghouse Premier are part of the launch. Combined, these offerings help enterprises secure application dependencies and simplify protection of the software supply chain. This enables companies to enhance security without interrupting their existing development processes.
Lightwell Network is now generally available It gives you access to over 6,500 remediated, digitally signed and certified application-layer dependencies across major ecosystems such as Java and Python. Lightwell Clearinghouse Premier is also in a limited-availability phase at this time. It serves as a trusted broker for secured patch embargoes and industry-wide threat coordination.
The launch is based on a trusted model Red Hat has built over several decades. During that time, the company signed up critical enterprise systems for thousands of customers. Red Hat has also powered millions of product downloads and contributed countless patches, bug fixes and open source improvements.
IBM Lightwell Creates AI Open Source Security For Enterprise Scale
The announcement comes on the heels of a $5 billion open source security commitment by IBM and Red Hat announced in May 2026. This effort is backed by more than 20,000 engineers and the company is continuing to develop Lightwell’s advanced AI-powered remediation capabilities. This gives organizations access to trusted security infrastructure built for the AI era.
The launch also highlights the increasing collaboration with design partners across the financial services industry. These organizations know they need reliable vulnerability management. “They believe IBM and Red Hat are well-positioned to provide enterprise-grade engineering expertise and scalable open source security solutions.”
This infrastructure is delivered through a high-throughput generative AI-powered remediation engine that Lightwell already runs at production scale. The platform combines state-of-the-art AI models with experienced engineering teams. They work together to identify, validate and remediate vulnerabilities in the deeply embedded software dependencies that are part of modern enterprise applications.
Lightwell also helps organizations balance innovation with regulatory compliance. Instead of requiring companies to do massive upstream software upgrades, the platform backports critical fixes directly into long-term production releases. In this way organizations will reduce regression testing and also avoid compatibility issues. “IBM and Red Hat also see the Lightwell catalog of remediated packages moving from thousands to millions through AI automation.
Lightwell Network offers persistent access to an ever-growing library of current and legacy software libraries. Members get digitally signed binaries, source code, Software Bills of Materials (SBOMs), and compliance documentation. Additionally, these updates are integrated into existing development pipelines without any code drift.
Lightwell Clearinghouse Premier Broadens Industry Collaboration
Lightwell Clearinghouse Premier introduces commercial onboarding for financial services industry organizations. The platform provides advanced threat coordination, secured patch embargoes and collaborative vulnerability management. Organizations that participate can submit vulnerabilities and request targeted version remediation during confidential embargo periods.
IBM and Red Hat plan to extend this offering to other important infrastructure sectors, such as government, healthcare and telecommunications. However, qualified organizations will still be able to participate, as operations of sector-specific clearinghouses will require specialized legal, geographic and disclosure frameworks.
Lightwell follows the well established Red Hat upstream first development model. Security fixes are therefore contributed back to the original open source communities for review and acceptance This approach improves both commercial software security and community collaboration, while reducing project fragmentation and limiting production security risks.
“No single institution can keep pace with the growing scale and complexity of open source vulnerabilities alone,” said Scott DePasquale, President and CEO, ARC. “The financial sector has long demonstrated the value of collaboration in addressing shared security challenges, and initiatives that enable coordinated remediation have the potential to strengthen resilience across the industry.”
“Lightwell represents a fundamental structural shift in how we secure all enterprise software,” said Matt Hicks, President and CEO, Red Hat. “By pairing automated remediation with our deep engineering heritage, we aim to deliver the trusted infrastructure required to consume open source reliably, sustainably, and at AI speeds.”
“IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners,” said Rob Thomas, Senior Vice President, Software & Chief Commercial Officer, IBM. “Making that possible takes scale most organizations don’t have, a world-class team of engineers and AI systems working around the clock to protect the open source software the world’s enterprises run on.”
“Heavily regulated industries such as financial services have the highest cost of compliance, meaning that they take security extremely seriously, especially in its use of open source software,” said Jerry Silva, Program Vice President for IDC Financial Insights. “The partnership bringing Red Hat and IBM together under the Lightwell banner to identify, triage, and remediate vulnerabilities will bolster the security and resiliency posture of these organizations globally, ensuring the trust that is the hallmark of the services they provide.”
With open source software accounting for up to 90% of enterprise codebases and generating 9.8 trillion downloads during 2025, vulnerability management has become increasingly challenging. Furthermore, AI-generated exploits and growing software complexity have increased security risks. Lightwell addresses these challenges by evaluating application context and dependency relationships before delivering validated fixes directly into enterprise workflows.
The platform also relies on a broad partner ecosystem.
Technology partners include Amazon Web Services (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow. Consequently, Lightwell security updates extend across multiple enterprise environments without disrupting existing tools or applications.
In addition, deployment and strategy services are available through IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and risk consulting teams, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Services (TCS), and Tech Mahindra. These organizations help customers map SBOMs, manage software versions, integrate Lightwell registries, and prepare enterprise development pipelines for AI-driven security challenges.
Explore IT Tech News for the latest advancements in Information Technology & insightful updates from industry experts!
News Source: Businesswire.com