IBM and Red Hat have announced the commercial launch of Lightwell, a new platform designed to help enterprises automatically identify and remediate vulnerabilities in open source software at scale.
The launch introduces two offerings: Lightwell Network, which is now generally available, and Lightwell Clearinghouse Premier, which is entering a limited-availability phase for organisations in the financial services sector.
Lightwell Network provides enterprises with access to more than 6,500 digitally signed and certified application dependencies across major ecosystems, including Java and Python. The platform delivers validated security fixes, Software Bills of Materials (SBOMs), and compliance artefacts directly into existing development pipelines.
Meanwhile, Lightwell Clearinghouse Premier is designed to enable secure collaboration on vulnerability disclosures, coordinated threat response and patch embargoes.
The launch follows IBM and Red Hat’s $5 billion commitment to open source security, announced in May 2026. The initiative is backed by more than 20,000 engineers and combines generative AI with human expertise to automate the identification, validation, and remediation of vulnerabilities across enterprise software dependencies.
According to the companies, Lightwell addresses one of the biggest challenges facing enterprises today: applying security fixes without forcing disruptive software upgrades. Instead, the platform backports critical patches to long-term production versions, allowing organisations to maintain stability while improving security.
“Lightwell represents a fundamental structural shift in how we secure enterprise software,” said Matt Hicks, President and CEO of Red Hat. He added that the platform combines automated remediation with Red Hat’s engineering expertise to help organisations consume open source software securely at scale.
IBM’s Senior Vice President of Software and Chief Commercial Officer, Rob Thomas, said the platform enables organisations to integrate certified fixes directly into existing systems without requiring significant changes to their infrastructure.
The platform is also supported by a broad ecosystem of technology partners, including AWS, Microsoft, NVIDIA, Intel, GitLab, Palo Alto Networks, ServiceNow, and JFrog, alongside consulting firms such as Accenture, Deloitte, EY, Cognizant, Infosys, Kyndryl, Tata Consultancy Services, and Tech Mahindra to help customers deploy the solution.
IBM and Red Hat say Lightwell is designed to help organisations strengthen software supply chain security as AI accelerates both software development and the pace of cyber threats.
For these and more stories, follow us on X (Formerly Twitter), Facebook, LinkedIn and Telegram. You can also send us tips or reach out at [email protected].


