For more than 20 years in this industry, the conversation around enterprise software procurement followed a highly predictable script. An organisation would buy a subscription for an open source solution, lock down a certified version, and effectively try never to touch it again unless something broke. Security updates arrived on a slow, linear cadence. That era is officially over.Frontier AI models have fundamentally changed the game in security patching. Automated tools can surface thousands of vulnerabilities across open source software ecosystems in practically no time. Therefore, the security imperative is no longer simply identifying a problem, but having the technical capacity to fix it without bringing your core business to a standstill.Our recent announcement with IBM on Lightwell represents a complete shift in how we show up for our customers. By backing a vast global force of engineers with advanced AI tools, we are delivering the enterprise trust infrastructure for the open source supply chain far beyond our own traditional platform boundaries. It is the largest single commitment to open source security since IBM’s landmark $1 billion investment in Linux back in 1999. From where I sit, this completely redefines the currency of enterprise velocity.The true cost of high-interest technical debtWhen you look at the modern enterprise stack, on average, more than 90% of the codebase relies on open source or third-party dependencies. Above traditional platforms sit hundreds of libraries, runtimes, and application frameworks that run the core applications of global banks, healthcare networks, and critical infrastructure. Historically, when an engineering team discovered a flaw deep within one of these dependencies, they faced three equally painful options:Upgrade the entire package and risk breaking complex, mission-critical production environments.Patch it internally and force developers to carry a permanent, private fork forever.Accept the risk and sit exposed to a known exploit.In highly regulated environments, the upgrade path is frequently impossible because systems are locked to a certified version. This is where patching becomes a strategic asset. By delivering signed, compliant patches backported to the exact, pinned versions our customers run in production, Lightwell removes the friction and gives teams back their commercial runway.Moving the boundary linesRed Hat already patches open source technology, but Lightwell represents a massive evolutionary leap forward. We are actively stepping outside of our traditional infrastructure and platform boundaries to meet customers precisely where they are. Through Lightwell Network, now generally available, we deliver an active, continuous subscription stream of remediated packages directly to members repositories. If an organisation is running hundreds of application workloads across fragmented environments,we will patch those open source dependencies, evaluating full application context and dependency interactions to deliver validated, zero-drift fixes directly into their pinned versions.This entire launch framework reflects deep momentum and active collaboration with design partners and initial institutions, including many leading financial institutions. While Lightwell Network provides immediate, broad commercial access to our catalog of remediated application-layer dependencies, Lightwell Clearinghouse Premier opens a specialised path for deeper vertical threat coordination. When one Lightwell Clearinghouse Premier member encounters a threat, we build the fix, validate it, and clear it across the entire network under a secure embargo window before the vulnerability can be weaponised. Subsequently, we will push those fixes back to the upstream community to ensure commercial protections and broader open source health continually reinforce one another..It is a massive team effort. Human engineering capacity and scale is the premium asset. AI handles the high-volume triage, but it takes experienced human judgment to perform the surgery on code without breaking downstream systems.System security is a long gameGiven the responses from early customers who have engaged with Lightwell, this addresses an ever-accelerating threat. These organisations recognise that a secure supply chain is a fundamental requirement to safely adopt AI and hybrid cloud technologies at scale. By solving this acute structural problem today, we are establishing a consistent, cost-effective, and trusted consumption framework for the future of enterprise software.
The new currency of enterprise velocity
Andrew Brown explains how Red Hat's recent announcement with IBM on Lightwell represents a complete shift in how we show up for our customers.








