Deloitte collaborates with IBM and Red Hat to scale automated vulnerability patching across regulated software supply chains
Jun 26, 2026
NEW YORK, ARMONK, N.Y. and RALEIGH, N.C., June 26, 2026 — Deloitte, IBM (NYSE: IBM), and Red Hat today announced a collaboration to help protect the software supply chain against increasingly automated cyber threats. Deloitte joins the initiative as an integration collaborator for Lightwell, bringing its broader secured software supply chain architecture and cyber risk services to the large-scale enterprise open source security model deployed by IBM and Red Hat.
Most organizations rely on a mix of first-party code, open source software, and third-party commercial software. Because a single business application can include all three, an unpatched vulnerability can introduce immediate risk across the entire corporate estate. Frontier AI models have accelerated this risk and can enable adversaries to discover and exploit zero-day flaws in minutes.
Lightwell aims to help address this operational pressure by decoupling open source software security remediation from the traditional software upgrade cycle. The initiative combines an enterprise open source security model with an active engineering force. Supported by IBM and Red Hat, Lightwell coordinates upstream threat disclosures with independent maintainers while developing, testing, and backporting patches directly to the pinned software versions running in production environments. Lightwell delivers validated patches to those specific, in-use software versions, protecting critical systems without forcing disruptive upgrades.















