Developed in collaboration with leading financial institutions, IBM and Red Hat have launched Lightwell which will deliver automated vulnerability remediation at scale through two offerings: Lightwell Network and Lightwell Clearinghouse Premier.
Available now, Lightwell Network gives enterprises access to a launch catalogue of 6 500+ remediated, digitally signed, and certified application-layer dependencies across major ecosystems including Java and Python. Lightwell Clearinghouse Premier enters a limited-availability phase, serving as a trusted intermediary for secured patch embargoes and vertical threat coordination.
The launch builds on the $5-billion commitment to open source security that IBM and Red Hat announced in May 2026, backed by a global force of more than 20 000 engineers to oversee and scale Lightwell’s advanced, AI-driven remediation capabilities.
Lightwell’s rollout scales a model built on decades of trust, in which Red Hat has secured critical systems for thousands of customers, with millions of core product downloads and an immeasurable number of patches, bug fixes, and community contributions. It also reflects the rapid momentum and active collaboration with design partners from financial services industry leaders who view Lightwell as critical to solving this industry issue – recognising that Red Hat and IBM are uniquely equipped to deliver the required open source engineering expertise and scale.
Lightwell now extends that proven enterprise protection to an organisation’s open source software portfolio.
To deliver this trust infrastructure, Lightwell leverages the high-throughput capability of a generative AI-powered remediation engine that is already live and operating at scale. This advanced, AI-driven automation pipeline combines frontier and open AI models with human engineering expertise to identify, validate, and remediate vulnerabilities across critical dependencies embedded deep within modern software architectures.
Lightwell removes the friction between rapid innovation and enterprise compliance by securing the specific software packages organisations run in active production today, while establishing a stable platform for future applications.
To break the dependency remediation deadlock, Lightwell uses automation to backport critical fixes directly to specific, long-lived production software versions – helping address lengthy regression testing and breaking changes that often paralyse teams forced to adopt major upstream upgrades. Backed by its AI-powered remediation engine, Red Hat and IBM expect Lightwell’s catalogue of remediated packages to scale rapidly from thousands to millions.
“Lightwell represents a fundamental structural shift in how we secure all enterprise software,” says Matt Hicks, president and CEO of Red Hat. “By pairing automated remediation with our deep engineering heritage, we aim to deliver the trusted infrastructure required to consume open source reliably, sustainably, and at AI speeds.”
Rob Thomas, senior vice-president, Software and chief commercial officer at IBM, adds: “IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners. Making that possible takes scale most organisations don’t have, a world-class team of engineers, and AI systems working around the clock to protect the open source software the world’s enterprises run on.”
With open source comprising up to 90% of enterprise codebases and driving 9,8-trillion downloads in 2025 alone, massive volume and $50 AI-generated exploits have broken traditional patch management, leaving codebases with an average of 581 vulnerabilities. Lightwell is designed to mitigate this unmapped risk and neutralise execution bottlenecks by evaluating application context and dependency interactions to deliver validated fixes directly into active workflows.