IBM and Red Hat commercially launch Lightwell open-source security platform

IBM and Red Hat on Tuesday announced the commercial launch of Lightwell, a platform delivering automated vulnerability remediation at scale for enterprises navigating the risks of open-source software in cloud and AI environments.

Two Subscription Tiers Now Available

The launch introduces two offerings: Lightwell Network, available now with a catalog of more than 6,500 remediated, digitally signed, and certified application-layer dependencies across Java and Python ecosystems; and Lightwell Clearinghouse Premier, entering a limited-availability phase that serves as a trusted intermediary for secured patch embargoes and vertical threat coordination. letsdatascience.com newsroom.ibm.com

Lightwell Network provides consolidated access to signed libraries, remediations, and patched artifacts through secured repositories, while the Clearinghouse Premier tier adds member-specific remediation, novel vulnerability verification, disclosure handling, and technical account services. letsdatascience.com

From $5 Billion Commitment to Commercial Reality

The commercial launch follows the May 2026 announcement of Project Lightwell as a $5 billion commitment backed by more than 20,000 engineers and frontier AI capabilities to identify and fix open-source vulnerabilities at scale. The platform was developed in collaboration with leading global financial institutions and is supported by a growing partner ecosystem that includes Palo Alto Networks and Deloitte. paloaltonetworks.com newsroom.ibm.com devopsdigest.com

IBM described the initiative as addressing “one of the hardest problems in enterprise software: fixing vulnerabilities without breaking what is already in production”. The clearinghouse model uses AI to validate and test patches before deployment, allowing businesses to integrate secure fixes directly into their software supply chains. cybersecuritydive.com devops.com ibm.com

IBM Security Services Operationalizing Lightwell

IBM Security Services is working with enterprises to build the operational foundation needed to adopt Lightwell, including AI-powered vulnerability scanning to uncover misconfigurations, control gaps, and hidden dependencies. Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM Consulting, wrote that the service helps organizations develop “the next generation of enterprise cyber resilience, one that is continuous, intelligent, and engineered for the speed of AI”. newsroom.ibm.com

IBM said it is already working with a leading U.S. department store retailer to prepare for Lightwell participation, with broader capabilities drawing on partners including CrowdStrike, Fortinet, and OpenAI. newsroom.ibm.com