IBM and Purple Hat Increase Lightwell with New Choices to Construct the Belief Infrastructure for AI-Period Open Supply


RALEIGH, N.C. and ARMONK, N.Y. — July 8, 2026 — IBM (NYSE: IBM) and Purple Hat right this moment introduced the business launch of Lightwell, delivering automated vulnerability remediation at scale via two choices: Lightwell Community and Lightwell Clearinghouse Premier. Out there now, Lightwell Community offers enterprises entry to a launch catalog of 6,500+ remediated, digitally signed, and authorized application-layer dependencies throughout main ecosystems, together with Java and Python. Lightwell Clearinghouse Premier enters a limited-availability part, serving as a trusted middleman for secured patch embargoes and vertical menace coordination.

Right now’s launch builds on the $5 billion dedication to open supply safety that IBM and Purple Hat introduced in Could 2026, backed by a worldwide drive of greater than 20,000 engineers to supervise and scale Lightwell’s superior, AI-driven remediation capabilities. Lightwell’s rollout scales a mannequin constructed on many years of belief, during which Purple Hat has secured important methods for 1000’s of consumers, with thousands and thousands of core product downloads and an immeasurable variety of patches, bug fixes, and neighborhood contributions. It additionally displays the fast momentum and energetic collaboration with design companions from monetary providers {industry} leaders who view Lightwell as important to fixing this {industry} challenge, recognizing that Purple Hat and IBM are uniquely geared up to ship the required open supply engineering experience and scale. Lightwell now extends that confirmed enterprise safety to a company’s open supply software program portfolio.

To ship this belief infrastructure, Lightwell leverages the high-throughput functionality of a generative AI-powered remediation engine that’s already dwell and working at scale. This superior, AI-driven automation pipeline combines frontier and open AI fashions with human engineering experience to determine, validate, and remediate vulnerabilities throughout important dependencies embedded deep inside fashionable software program architectures.

Lightwell removes the friction between fast innovation and enterprise compliance by securing the precise software program packages organizations run in energetic manufacturing right this moment, whereas establishing a steady platform for future purposes. To interrupt the dependency remediation impasse, Lightwell makes use of automation to backport important fixes on to particular, long-lived manufacturing software program variations, serving to deal with prolonged regression testing and breaking adjustments that always paralyze groups compelled to undertake main upstream upgrades. Backed by its AI-powered remediation engine, Purple Hat and IBM anticipate Lightwell’s catalog of remediated packages to scale quickly from 1000’s to thousands and thousands.

Purple Hat and IBM are delivering these capabilities via two choices:

  • Lightwell Community: Typically obtainable now, offering fast entry to an energetic and rising library of content material spanning newest to legacy libraries with high-value remediations. Members obtain a steady stream of digitally signed binaries, supply code, and complete compliance artifacts, together with full Software program Payments of Supplies (SBOMs), delivered instantly into current pipelines with out code drift.
  • Lightwell Clearinghouse Premier: Getting into a limited-availability business onboarding part, this tier is designed to function a trusted middleman for deep {industry} collaboration, superior vertical menace coordination, and secured patch embargoes. Collaborating organizations can submit vulnerabilities and request focused model remediation beneath an embargo window. Whereas the platform’s preliminary launch is proscribed to the monetary providers {industry}, Purple Hat and IBM plan to develop Lightwell Clearinghouse Premier to further important infrastructure verticals, together with authorities, healthcare, and telecommunications, in future phases. Because of the extremely specialised authorized, geographic, and disclosure frameworks required to function sector-specific clearinghouse networks, business entry stays gated to certified collaborating organizations.

Lightwell operates beneath Purple Hat’s confirmed upstream-always mannequin, during which safety fixes are actively submitted again to the originating open supply neighborhood for evaluation and acceptance. This ensures business protections and neighborhood well being frequently reinforce each other, stopping venture fragmentation with out risking in-production zero days.

“No single establishment can preserve tempo with the rising scale and complexity of open supply vulnerabilities alone,” mentioned Scott DePasquale, President and CEO, ARC. “The monetary sector has lengthy demonstrated the worth of collaboration in addressing shared safety challenges, and initiatives that allow coordinated remediation have the potential to strengthen resilience throughout the {industry}.”

“Lightwell represents a basic structural shift in how we safe all enterprise software program,” mentioned Matt Hicks, President and CEO, Purple Hat. “By pairing automated remediation with our deep engineering heritage, we purpose to ship the trusted infrastructure required to eat open supply reliably, sustainably, and at AI speeds.”

“IBM and Purple Hat are giving enterprises licensed fixes they will pull straight into the methods they already run, with no retooling or disruption, backed by a rising community of know-how and supply companions,” mentioned Rob Thomas, Senior Vice President, Software program & Chief Industrial Officer, IBM. “Making that attainable takes scale most organizations haven’t got, a world-class group of engineers and AI methods working across the clock to guard the open supply software program the world’s enterprises run on.”

“Closely regulated industries similar to monetary providers have the best price of compliance, that means that they take safety extraordinarily significantly, particularly in its use of open supply software program,” mentioned Jerry Silva, Program Vice President for IDC Monetary Insights. “The partnership bringing Purple Hat and IBM collectively beneath the Lightwell banner to determine, triage, and remediate vulnerabilities will bolster the safety and resiliency posture of those organizations globally, making certain the belief that’s the hallmark of the providers they supply.”

With open supply comprising as much as 90% of enterprise codebases and driving 9.8 trillion downloads in 2025[1] alone, large quantity and $50 AI-generated exploits[2] have damaged conventional patch administration, leaving codebases with a median of 581 vulnerabilities[3]. Lightwell is designed to mitigate this unmapped threat and neutralize execution bottlenecks by evaluating software context and dependency interactions to ship validated fixes instantly into energetic workflows.

Safeguarding the open supply software program provide chain requires an open, various ecosystem spanning AI fashions, growth instruments, and enterprise infrastructure. Lightwell is prolonged by a strong and rising community of know-how and deployment companions. By collaborating with these {industry} leaders, Lightwell delivers a real orchestrated protection, enabling community guidelines, cloud environments, and deployment pipelines to be up to date concurrently throughout your entire enterprise cloth when a repair is prepared.

  • Expertise suppliers: Trade leaders like Amazon Internet Companies (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow are collaborating with IBM and Purple Hat on Lightwell. This rising ecosystem ensures that Lightwell’s safety fixes lengthen throughout various environments, defending a big selection of current instruments, purposes, and providers with out disruption.

     
  • Deployment & technique providers: To speed up adoption, prospects can leverage world-class methods integration and strategic deployment providers via engagements with IBM Consulting, Purple Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and threat consulting groups, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Companies (TCS), and Tech Mahindra. These organizations assist enterprise prospects map SBOMs, handle model mapping, ingest Lightwell registries, and consider pipelines to allow preparedness for AI-velocity vulnerabilities.

Be taught extra about Lightwell at https://www.ibm.com/products/lightwell and https://www.redhat.com/en/lightwell.

Supporting Quotes:

Mark Hughes, International Managing Associate for Cybersecurity Companies, IBM Consulting

“Lightwell introduces a brand new mannequin for addressing software program provide chain threat via fast validation and trusted remediation. IBM Consulting helps enterprises construct on that basis by increasing our providers to assist organizations put together for Lightwell and create an working mannequin that makes cyber operations extra steady and adaptive, moderately than reactive.”

Kevin Sherry, International Vice President, Companies, Purple Hat

“Closing the vulnerability hole from discovery to remediation requires a mix of automation, experience, and know-how. Purple Hat Consulting has over 20 years of open supply growth and data and, along with our Safety Technical Account Administration (TAM) providing, offers the Lightwell basis for proactively supporting our prospects’ protection posture and remediation processes. Working with our ecosystem, we accomplice to speed up, streamline and safe our prospects’ complete operational lifecycle.”

Harpreet Sidhu, International Cybersecurity Lead, Accenture

“Securing the open supply software program provide chain has turn out to be a posh operational problem, notably in heavily-regulated industries the place the price of disruption is excessive. Lightwell may also help organizations keep stability in manufacturing environments with out forcing organizations into disruptive improve cycles. Mixed with Accenture’s deep cybersecurity and large-scale enterprise transformation experience, we’re higher positioned to assist purchasers transfer quicker and with better confidence, with out buying and selling cybersecurity for agility.”

Philip Guido, Government Vice President and Chief Industrial Officer, AMD

“As enterprises and the monetary sector transfer AI into full manufacturing, belief within the open supply software program provide chain turns into important to innovation. AMD is proud to work with Purple Hat and IBM to advance open supply, standards-based applied sciences that give prospects selection and confidence. Lightwell, together with the AMD enterprise and AI portfolio of options, may also help to scale back software program threat and energy the dimensions, effectivity and suppleness prospects must speed up their AI adoption.”

Michael Kollar, Government Vice President and Head of Cloud & Trendy Infrastructure, Atos

“As organizations speed up their adoption of open supply, sustaining management of the software program provide chain has turn out to be a important factor of digital sovereignty. We welcome improvements similar to Lightwell from IBM and Purple Hat, which assist strengthen belief in open supply ecosystems. Atos combines cybersecurity management, sovereign digital experience, and deep open supply expertise to assist prospects securely operationalize these capabilities at enterprise scale.”

Vishal Salvi, International Head of Cybersecurity Service Line, Cognizant

“In right this moment’s interconnected panorama, the sheer scale of unaddressed vulnerabilities throughout the open supply provide chain has turn out to be an actual menace to enterprise continuity, with unsecured code already sitting in manufacturing. By Purple Hat and IBM’s Lightwell, Cognizant helps organizations deal with this systematic problem via refactoring and remediation of core code. We purpose to supply purchasers with enhanced visibility they should map SBOMs, assist the adoption of important fixes, and help organizations as they modernize their core methods extra effectively and with better confidence.”

Adnan Amjad, U.S. Cyber chief, Deloitte

“As AI accelerates each the tempo of software program growth and the sophistication of threats, enterprises are grappling with unprecedented open supply software program threat. Securing this ecosystem requires automated remediation at scale. By Deloitte’s alliance with IBM and Purple Hat, collectively we’re serving to organizations strategically deploy Lightwell’s capabilities to safe their software program provide chains to remediate vulnerabilities with out sacrificing pace or operational continuity.”

Michael Montoya, Chief Expertise Operations Officer, F5

“The assault capabilities of frontier AI fashions have inverted conventional software program patching home windows. Ecosystem collaboration throughout extremely regulated industries similar to monetary providers offers tangible blueprints for enterprise cybersecurity going ahead. With a shared emphasis on real-time remediation and runtime safety, F5 is proud to align with IBM and Purple Hat’s Lightwell to safe fashionable multicloud architectures counting on a mix of open supply and vendor-specific deployments.”

Kalyan Kumar, President, HCLSoftware

“Securing the AI period requires that each layer of the software program stack, from open supply dependencies to working manufacturing endpoints, is remediated repeatedly with no tolerance for drift and no disruptive improve cycles. Lightwell closes the package-level hole at precisely the suitable second within the provide chain. HCLSoftware closes it on the software and endpoint layers via AppScan, BigFix Remediate, and HCL DevOps Loop, with AIForce including the much-needed intelligence to prioritize and act at pipeline pace. Integration with IBM Live performance ensures that safety alerts and remediation actions move right into a unified operational view throughout the stack. This ecosystem mannequin is how enterprises construct resilience that compounds over time, not simply safety protection that decays.”

Invoice Pearson, Vice President of Information Middle and AI Software program, Intel

“As AI accelerates the dimensions of software program growth, it additionally accelerates cyber threat. As a foundational contributor to the Linux kernel – and an advocate for open-source innovation – for greater than three many years, Intel believes that securing the trendy software program provide chain requires a holistic method that connects silicon-level belief with strong, community-driven code. IBM and Purple Hat’s Lightwell helps to handle this industry-wide want, and align to Intel’s dedication to safe the trendy, digital infrastructure that enterprises depend on each day.”

Gal Marder, Chief Technique Officer, JFrog

“We’ve got entered an period of adversarial symmetry. The great guys are innovating quickly, however dangerous actors are shifting simply as quick. Right now’s AI fashions are discovering gaps far quicker than most organizations can patch them, leaving enterprises extremely susceptible to assault. To outlive this unprecedented menace atmosphere, organizations should automate safety at a totally totally different tempo and scale. We’re thrilled to collaborate with IBM and Purple Hat on Lightwell as we assist firms determine and remediate points, then operationalize open supply patching at scale. Because the definitive system of file and belief layer, JFrog delivers the automated controls wanted to make sure actual safety retains tempo with AI-accelerated threats.”

Paul Savill, International Observe Chief, Cyber Resilience & Connectivity, Kyndryl

“Addressing open-source software program provide chain threat at enterprise scale is a precedence for patrons throughout industries. Kyndryl is dedicated to serving to organizations mitigate threat by integrating superior AI and automation capabilities into their growth and operations workflows, enabling quicker remediation and better confidence within the software program that powers their enterprise.”

Chandan Pani, Chief Info Safety Officer, LTM

“As enterprises scale AI adoption, securing open-source software program has turn out to be important to sustaining belief, resilience, and growth velocity. By our partnership with IBM and as a part of Lightwell, LTM helps prospects strengthen software program provide chain safety with trusted, automated remediation at scale—enabling them to innovate quicker whereas decreasing threat throughout their growth environments.”

Sandy Gupta, Vice President, Associate Improvement ISV, Microsoft

“Pace in delivering patches to prospects is important. We’re already working along with IBM and Purple Hat as a part of the Linux Foundation’s Akrites effort and now extending that collaboration to Lightwell to make sure important fixes attain prospects as shortly as attainable utilizing the quickest supply mechanisms and instruments.”

Justin Boitano, Vice President, Enterprise AI Platforms, NVIDIA

“The way forward for cyber protection can’t be a black field. Defenders want an open ecosystem that mixes main fashions with open harnesses, giving them the context, customization, and pace to shut vulnerabilities earlier than adversaries can exploit them. NVIDIA is working with Purple Hat, IBM, and the broader ecosystem to deliver these developments to Lightwell, serving to organizations shut the hole between vulnerability detection and remediation at agent pace.”

Anand Oswal, Government Vice President of AI & Community Safety, Palo Alto Networks

“We’re proud to collaborate with IBM and Purple Hat on the final availability of Lightwell. By integrating their automated remediation engine with Palo Alto Networks digital patching capabilities, we ship network-level safety throughout our prospects’ important management factors via our platformization technique. This delivers strong, autonomous safety with out the chance of breaking manufacturing workflows.”

Sanjeev Mehrotra, International Head – Cyber Safety & Danger Administration, Tech Mahindra

“As AI accelerates software program growth, open supply has turn out to be the muse of enterprise innovation, making software program provide chain safety extra important than ever. Organizations right this moment face the problem of securing more and more advanced dependency ecosystems whereas sustaining growth velocity and operational resilience. Our collaboration with IBM and Purple Hat on Lightwell reinforces Tech Mahindra’s dedication to serving to enterprises strengthen software program provide chain safety and confidently operationalize trusted open supply at scale. By combining our deep engineering experience with sturdy integration and deployment capabilities, we’re enabling prospects to embed automated, safe, and resilient software program supply practices into their current growth environments.”

Statements concerning IBM’s and Purple Hat’s future course and intent are topic to vary or withdrawal with out discover, and signify targets and targets solely.

About IBM

IBM is a number one supplier of world hybrid cloud and AI, and consulting experience. We assist purchasers in additional than 175 nations capitalize on insights from their information, streamline enterprise processes, cut back prices and achieve the aggressive edge of their industries. Hundreds of governments and company entities in important infrastructure areas similar to monetary providers, telecommunications and healthcare depend on IBM’s hybrid cloud platform and Purple Hat OpenShift to have an effect on their digital transformations shortly, effectively and securely. IBM’s breakthrough improvements in AI, quantum computing, industry-specific cloud options and consulting ship open and versatile choices to our purchasers. All of that is backed by IBM’s long-standing dedication to belief, transparency, duty, inclusivity and repair. Go to www.ibm.com for extra info.

About Purple Hat

Red Hat is the open hybrid cloud know-how chief, delivering a trusted, constant and complete basis for transformative IT innovation and AI purposes. Its portfolio of cloud, developer, AI, Linux, automation and software platform applied sciences allows any software, anyplace—from the datacenter to the sting. Because the world’s main supplier of enterprise open supply software program options, Purple Hat invests in open ecosystems and communities to resolve tomorrow’s IT challenges. Collaborating with companions and prospects, Purple Hat helps them construct, join, automate, safe and handle their IT environments, supported by consulting providers and award-winning coaching and certification choices.

Michele Brancati

IBM

brancati@ibm.com

John Terrill

Purple Hat

terrill@redhat.com