RALEIGH, N.C. and ARMONK, N.Y. — IBM and Pink Hat at the moment introduced the industrial launch of Lightwell, delivering automated vulnerability remediation at scale by way of two choices: Lightwell Community and Lightwell Clearinghouse Premier.
Accessible now, Lightwell Community provides enterprises entry to a launch catalog of 6,500+ remediated, digitally signed, and authorized application-layer dependencies throughout main ecosystems, together with Java and Python.
Lightwell Clearinghouse Premier enters a limited-availability part, serving as a trusted middleman for secured patch embargoes and vertical risk coordination. Right this moment’s launch builds on the $5 billion dedication to open supply safety that IBM and Pink Hat introduced in Could 2026, backed by a worldwide power of greater than 20,000 engineers to supervise and scale Lightwell’s superior, AI-driven remediation capabilities.
Lightwell’s rollout scales a mannequin constructed on many years of belief, through which Pink Hat has secured essential programs for 1000’s of shoppers, with hundreds of thousands of core product downloads and an immeasurable variety of patches, bug fixes, and group contributions. It additionally displays the fast momentum and energetic collaboration with design companions from monetary providers business leaders who view Lightwell as essential to fixing this business situation, recognizing that Pink Hat and IBM are uniquely outfitted to ship the required open supply engineering experience and scale. Lightwell now extends that confirmed enterprise safety to a corporation’s open supply software program portfolio.
To ship this belief infrastructure, Lightwell leverages the high-throughput functionality of a generative AI-powered remediation engine that’s already reside and working at scale. This superior, AI-driven automation pipeline combines frontier and open AI fashions with human engineering experience to determine, validate, and remediate vulnerabilities throughout essential dependencies embedded deep inside trendy software program architectures.
Lightwell removes the friction between fast innovation and enterprise compliance by securing the particular software program packages organizations run in energetic manufacturing at the moment, whereas establishing a secure platform for future purposes. To interrupt the dependency remediation impasse, Lightwell makes use of automation to backport essential fixes on to particular, long-lived manufacturing software program variations, serving to handle prolonged regression testing and breaking modifications that usually paralyze groups pressured to undertake main upstream upgrades.
Backed by its AI-powered remediation engine, Pink Hat and IBM count on Lightwell’s catalog of remediated packages to scale quickly from 1000’s to hundreds of thousands.
Pink Hat and IBM are delivering these capabilities by way of two choices:
● Lightwell Community: Typically accessible now, offering fast entry to an energetic and rising library of content material spanning newest to legacy libraries with high-value remediations. Members obtain a steady stream of digitally signed binaries, supply code, and complete compliance artifacts, together with full Software program Payments of Supplies (SBOMs), delivered immediately into current pipelines with out code drift.
● Lightwell Clearinghouse Premier: Getting into a limited-availability industrial onboarding part, this tier is designed to function a trusted middleman for deep business collaboration, superior vertical risk coordination, and secured patch embargoes.
Collaborating organizations can submit vulnerabilities and request focused model remediation below an embargo window. Whereas the platform’s preliminary launch is proscribed to the monetary providers business, Pink Hat and IBM plan to develop Lightwell Clearinghouse Premier to extra essential infrastructure verticals, together with authorities, healthcare, and telecommunications, in future phases. As a result of extremely specialised authorized, geographic, and disclosure frameworks required to function sector-specific clearinghouse networks, industrial entry stays gated to certified taking part organizations.
Lightwell operates below Pink Hat’s confirmed upstream-always mannequin, through which safety fixes are actively submitted again to the originating open supply group for evaluation and acceptance. This ensures industrial protections and group well being regularly reinforce each other, stopping mission fragmentation with out risking in-production zero days.
“No single establishment can maintain tempo with the rising scale and complexity of open supply vulnerabilities alone,” mentioned Scott DePasquale, President and CEO, ARC. “The monetary sector has lengthy demonstrated the worth of collaboration in addressing shared safety challenges, and initiatives that allow coordinated remediation have the potential to strengthen resilience throughout the business.”
“Lightwell represents a elementary structural shift in how we safe all enterprise software program,” mentioned Matt Hicks, President and CEO, Pink Hat. “By pairing automated remediation with our deep engineering heritage, we goal to ship the trusted infrastructure required to eat open supply reliably, sustainably, and at AI speeds.”
“IBM and Pink Hat are giving enterprises licensed fixes they will pull straight into the programs they already run, with no retooling or disruption, backed by a rising community of know-how and supply companions,” mentioned Rob Thomas, Senior Vice President, Software program & Chief Industrial Officer, IBM. “Making that doable takes scale most organizations don’t have, a world-class group of engineers and AI programs working across the clock to guard the open supply software program the world’s enterprises run on.”
“Closely regulated industries equivalent to monetary providers have the very best price of compliance, which means that they take safety extraordinarily critically, particularly in its use of open supply software program,” mentioned Jerry Silva, Program Vice President for IDC Monetary Insights. “The partnership bringing Pink Hat and IBM collectively below the Lightwell banner to determine, triage, and remediate vulnerabilities will bolster the safety and resiliency posture of those organizations globally, making certain the belief that’s the hallmark of the providers they supply.”
With open supply comprising as much as 90% of enterprise codebases and driving 9.8 trillion downloads in 2025 alone, large quantity and $50 AI-generated exploits have damaged conventional patch administration, leaving codebases with a median of 581 vulnerabilities. Lightwell is designed to mitigate this unmapped threat and neutralize execution bottlenecks by evaluating software context and dependency interactions to ship validated fixes immediately into energetic workflows.
Safeguarding the open supply software program provide chain requires an open, numerous ecosystem spanning AI fashions, growth instruments, and enterprise infrastructure. Lightwell is prolonged by a sturdy and rising community of know-how and deployment companions. By collaborating with these business leaders, Lightwell delivers a real orchestrated protection, enabling community guidelines, cloud environments, and deployment pipelines to be up to date concurrently throughout all the enterprise material when a repair is prepared.
● Know-how suppliers: Trade leaders like Amazon Net Companies (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow are collaborating with IBM and Pink Hat on Lightwell. This rising ecosystem ensures that Lightwell’s safety fixes prolong throughout numerous environments, defending a wide selection of current instruments, purposes, and providers with out disruption.
● Deployment & technique providers: To speed up adoption, clients can leverage world-class programs integration and strategic deployment providers by way of engagements with IBM Consulting, Pink Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and threat consulting groups, HCLTech, Infosys, LTM, NTT DATA and Tata Consultancy Companies (TCS).
These organizations assist enterprise clients map SBOMs, handle model mapping, ingest Lightwell registries, and consider pipelines to allow preparedness for AI-velocity vulnerabilities.
Be taught extra about Lightwell at https://www.ibm.com/merchandise/lightwell and https://www.redhat.com/en/lightwell