Deloitte, IBM and Red Hat have announced a strategic collaboration aimed at helping enterprises strengthen the security of their software supply chains.
The partnership brings Deloitte on board as an integration collaborator for Lightwell, an enterprise open source security initiative developed by IBM and Red Hat. The collaboration combines software engineering, cyber risk management and automation to help organisations identify, prioritise and remediate vulnerabilities faster without disrupting business operations.
The announcement comes as enterprises continue to rely on a growing mix of internally developed applications, open source software and third-party commercial software. This interconnected software ecosystem has expanded the attack surface, with a single unpatched vulnerability capable of exposing critical business systems.
According to the companies, advances in frontier AI models have significantly accelerated cyber threats by enabling attackers to discover and exploit zero-day vulnerabilities within minutes, leaving organisations with little time to respond through traditional patch management processes.
At the centre of the collaboration is Lightwell, which is designed to separate open source security remediation from conventional software upgrade cycles.
Lightwell develops, validates and backports security patches directly to the software versions currently running in production.
Through this collaboration, the three organisations will coordinate across the software lifecycle to help clients manage security threats:
- Continuous Visibility & Discovery: Continuously mapping and scanning first-party, open source, and third-party software to identify exactly what code exists, where it runs, and which critical business functions it supports.
- Contextual Prioritisation: Separating active threats from noise by analysing severity, exposure, threat-chaining, and exploitability to inform operational decisions.
- Machine-Speed Remediation: Combining Red Hat and IBM’s automated patch validation with Deloitte’s orchestration services to rapidly coordinate, test, and deploy validated fixes into production repositories, limiting disruption. To achieve this, Deloitte will maintain a bench of Forward Deployed Engineers (FDEs) to support ongoing remediation and maintenance of client applications.
- Ecosystem Trust & Compliance: Through the collaboration, the organisations will help enterprises manage upstream open source and vendor relationships, including pre-disclosure vulnerability handovers, while delivering continuous, evidence-based reporting for boards, auditors, and regulators.
Commenting on the collaboration, Adnan Amjad, Deloitte’s US Cyber leader, said organisations can no longer rely on traditional manual patching processes as cyber threats become increasingly automated.
He noted that the partnership is intended to help enterprises identify, validate and remediate vulnerabilities at machine speed while improving operational resilience across complex software ecosystems.
Savio Rodrigues, Vice President of Service Partners at IBM, said Lightwell was created to address the increasing challenge of securing open source software in an AI-driven threat landscape, adding that Deloitte’s cyber risk expertise would help extend the model to more organisations.
Meanwhile, Kevin Kennedy, Vice President of Global Partner Ecosystem at Red Hat, said the rapid rise of AI-generated threats requires engineering capabilities that can match the speed of attackers.
He added that the collaboration would bring remediation capabilities directly into enterprise application environments while continuing to support the broader open source ecosystem.

