IBM and Red Hat have begun the first commercial rollout of Project Lightwell by introducing two new services designed to strengthen open-source software security through artificial intelligence and blockchain technology. The companies launched Lightwell Network with immediate general availability, while Lightwell Clearinghouse Premier has entered a limited availability phase, initially targeting financial institutions.
The launch marks the first commercial implementation of Project Lightwell, which IBM and Red Hat unveiled in May as part of a broader initiative to modernize vulnerability management for open-source software. The companies have positioned the platform as a response to the growing complexity of securing modern software environments, where open-source components now account for much of the underlying technology stack.
According to the companies, organizations are facing increasing pressure to address software vulnerabilities more rapidly as artificial intelligence enables attackers to identify and exploit security weaknesses more efficiently. They indicated that conventional software patching processes are becoming less effective at keeping pace with the growing volume and speed of emerging threats.
IBM and Red Hat have commercially launched Lightwell Network and Lightwell Clearinghouse Premier to automate open-source vulnerability management through AI while leveraging blockchain-based services for secure collaboration.
At the core of the platform is an AI-powered remediation engine that analyzes identified vulnerabilities and generates backported security patches for older software versions that remain widely deployed in enterprise environments. This approach is intended to allow organizations to resolve security issues without immediately upgrading to newer software releases, a process that often requires extensive testing and can introduce operational risks in mission-critical systems.
Open source powers innovation, but securing it remains a growing challenge.@IBM and @RedHat are expanding Lightwell with new offerings designed to help organizations remediate vulnerabilities at scale and reduce software supply chain risk.
Learn more here:… pic.twitter.com/ZavTFawya9
— IBM News (@IBMNews) July 8, 2026
Lightwell Network launches with more than 6,500 digitally signed and certified software packages covering environments such as Java and Python. The software packages are distributed together with Software Bills of Materials (SBOMs) and related compliance documentation, enabling enterprises to integrate the updates into their existing software development and deployment workflows while maintaining regulatory and security requirements.
The second offering, Lightwell Clearinghouse Premier, is focused on collaboration among organizations operating in highly regulated industries. During its initial rollout, access will be limited to financial institutions, providing them with a trusted environment for confidential vulnerability disclosure, coordinated patch management under embargo, and joint responses to cybersecurity threats.
More than 90% of the modern enterprise stack relies on open source or third-party dependencies. When flaws surface deep within your code base, how do you fix them without crashing production? Andrew Brown explains how Lightwell is the future of enterprise software:… pic.twitter.com/BKp1sn9LMV
— Red Hat (@RedHat) July 8, 2026
IBM and Red Hat stated that they intend to expand the service beyond financial services in future phases, making it available to sectors including government, healthcare, and telecommunications, where secure collaboration on cyber threats is increasingly important.
The platform’s AI remediation engine backports security patches to legacy software versions, enabling enterprises to address vulnerabilities without undertaking immediate full-scale software upgrades.
The commercial deployment follows the companies’ previously announced $5 billion investment in Project Lightwell. As part of that initiative, IBM and Red Hat disclosed plans to deploy more than 20,000 engineers dedicated to AI-assisted vulnerability analysis and large-scale patch development. The newly introduced services represent the first operational products resulting from that long-term investment strategy.
Securing the open source supply chain is a mission best accomplished together. Learn how our global partner ecosystem is rallying behind Lightwell to deliver automated vulnerability remediation at scale: https://t.co/xhDr3Ljfh1 pic.twitter.com/rEbMwsSDZr
— Red Hat Partners (@RedHatPartners) July 8, 2026
The companies also emphasized that Lightwell is intended to complement, rather than replace, the broader open-source ecosystem. Security fixes developed through the platform are contributed back to the original open-source projects under an upstream-first model, ensuring that commercial support does not create separate software versions or fragmented code bases.
A broad ecosystem of technology providers and consulting firms has joined the initiative. Technology partners include AWS, AMD, GitLab, Intel, Microsoft, Nvidia, Palo Alto Networks, and ServiceNow, while implementation support will be provided by firms such as Accenture, Deloitte, EY, HCLTech, Infosys, Kyndryl, NTT DATA, and Tata Consultancy Services.
The expanding partner network reflects growing industry interest in collaborative approaches to cybersecurity as organizations seek more efficient methods for securing increasingly complex software supply chains.
By combining AI-driven remediation, blockchain-enabled collaboration, and upstream integration with open-source projects, Lightwell aims to accelerate enterprise vulnerability management while preserving compatibility with the broader open-source ecosystem.
