3 min Security

IBM and Red Hat expand Lightwell with open-source blockchain services

IBM and Red Hat expand Lightwell with open-source blockchain services

Following the introduction of Project Lightwell in May, the first commercial rollout is now underway. IBM and Red Hat are introducing two services: Lightwell Network, which is immediately generally available, and Lightwell Clearinghouse Premier, which is launching in a limited availability phase. Both are designed to further automate the management of vulnerabilities in open-source software using AI.

According to both companies, pressure is mounting on organizations to respond more quickly to security vulnerabilities. Open-source components now make up the bulk of modern software stacks, while, according to IBM and Red Hat, AI also enables attackers to find and exploit vulnerabilities more quickly. Traditional patching processes are finding it increasingly difficult to keep up with that pace.

At the heart of Lightwell is an AI-driven remediation engine that analyzes vulnerabilities and “backports” security patches to older, still widely used software versions. This should enable organizations to resolve security issues without immediately performing a complete software upgrade, a process that often involves extensive testing and risk in mission-critical environments.

At launch, Lightwell Network includes more than 6,500 digitally signed and certified software packages for Java and Python environments, among others. The patches are delivered with Software Bills of Materials (SBOMs) and other compliance information, allowing them to be integrated directly into existing development and deployment processes.

Collaboration within critical sectors

The second service, Lightwell Clearinghouse Premier, focuses on collaboration among organizations within highly regulated sectors. Initially, this will be available exclusively to financial institutions. The environment is designed to serve as a trusted platform for the confidential sharing of vulnerabilities, the coordination of patches under embargo, and a joint response to threats. IBM and Red Hat say they plan to make the service available later to sectors such as government, healthcare, and telecommunications.

The commercial launch builds on the $5 billion investment that IBM and Red Hat announced in May for Project Lightwell. At that time, the companies announced they would deploy more than 20,000 engineers to enable AI-supported vulnerability analysis and patch development on a large scale. The services now being launched represent the first concrete implementation of that strategy.

Notably, IBM and Red Hat are explicitly positioning Lightwell as a complement to the existing open-source ecosystem. Security fixes are fed back to the original open-source projects according to the so-called “upstream first” principle, ensuring that commercial support does not lead to separate software forks.

An extensive partner network is forming around Lightwell. Technology companies such as AWS, AMD, GitLab, Intel, Microsoft, Nvidia, Palo Alto Networks, and ServiceNow support the initiative. In addition, major service providers such as Accenture, Deloitte, EY, HCLTech, Infosys, Kyndryl, NTT DATA, and Tata Consultancy Services will help organizations implement the new services.