IBM and Red Hat commercially launch Lightwell with Network and Clearinghouse Premier

IBM (NYSE:IBM) and Red Hat have announced the commercial launch of Lightwell, expanding the platform through two offerings aimed at automated vulnerability remediation for open source dependencies: Lightwell Network and Lightwell Clearinghouse Premier. IBM and Red Hat said Lightwell Network is available now, while Lightwell Clearinghouse Premier is entering a limited-availability commercial onboarding phase.

According to the companies, Lightwell Network launches with a catalog of 6,500+ remediated, digitally signed, and certified application-layer dependencies across major ecosystems including Java and Python. Members receive digitally signed binaries and source code, along with compliance artifacts such as complete Software Bills of Materials (SBOMs), designed to integrate into existing development pipelines.

Lightwell Clearinghouse Premier is positioned as a trusted intermediary for secured patch embargoes and vertical threat coordination. IBM and Red Hat said the initial launch is limited to the financial services industry, enabling participating organisations to submit vulnerabilities and request targeted version remediation under an embargo window, with plans to expand to other critical infrastructure verticals—government, healthcare, and telecommunications—in future phases.

IBM and Red Hat said this launch builds on a $5 billion commitment to open source security announced in May 2026 and is backed by “a global force of more than 20,000 engineers” to scale Lightwell’s AI-driven remediation capabilities. The companies said Lightwell uses automation to backport fixes to specific long-lived production versions to reduce disruption associated with major upstream upgrades, and operates under Red Hat’s “upstream-always” model, submitting fixes back to originating open source communities.

Executive and industry commentary framed the move as a response to rising vulnerability volumes and coordination challenges. “No single institution can keep pace with the growing scale and complexity of open source vulnerabilities alone,” said Scott DePasquale, President and CEO, ARC. Matt Hicks, President and CEO, Red Hat, said: “Lightwell represents a fundamental structural shift in how we secure all enterprise software.” Rob Thomas, Senior Vice President, Software & Chief Commercial Officer, IBM, added: “IBM and Red Hat are giving enterprises certified fixes they can pull straight into the systems they already run, with no retooling or disruption, backed by a growing network of technology and delivery partners.”

IBM and Red Hat also detailed a partner ecosystem spanning technology providers—including Amazon Web Services (AWS), AMD, F5, GitLab, Intel, JFrog, Microsoft, NVIDIA, Palo Alto Networks, and ServiceNow—and services organisations such as IBM Consulting, Red Hat Consulting, Accenture, Atos, Cognizant, Deloitte, EY cyber and risk consulting teams, HCLTech, Infosys, Kyndryl, LTM, NTT DATA, Tata Consultancy Services (TCS), and Tech Mahindra, intended to support deployment and integration.