IBM, Red Hat, and Deloitte Announce Lightwell Collaboration to Help Strengthen Open Source Software Supply Chain Trust

Deloitte collaborates with IBM and Red Hat to scale automated vulnerability patching across regulated software supply chains

Deloitte, IBM, and Red Hat today announced a collaboration to help protect the software supply chain against increasingly automated cyber threats. Deloitte joins the initiative as an integration collaborator for Lightwell, bringing its broader secured software supply chain architecture and cyber risk services to the large-scale enterprise open source security model deployed by IBM and Red Hat.

Most organizations rely on a mix of first-party code, open source software, and third-party commercial software. Because a single business application can include all three, an unpatched vulnerability can introduce immediate risk across the entire corporate estate. Frontier AI models have accelerated this risk and can enable adversaries to discover and exploit zero-day flaws in minutes.

Lightwell aims to help address this operational pressure by decoupling open source software security remediation from the traditional software upgrade cycle. The initiative combines an enterprise open source security model with an active engineering force. Supported by IBM and Red Hat, Lightwell coordinates upstream threat disclosures with independent maintainers while developing, testing, and backporting patches directly to the pinned software versions running in production environments. Lightwell delivers validated patches to those specific, in-use software versions, protecting critical systems without forcing disruptive upgrades.

Through this collaboration, the three organizations will coordinate across the software lifecycle to help clients manage security threats:

  • Continuous Visibility & Discovery: Continuously mapping and scanning first-party, open source, and third-party software to identify exactly what code exists, where it runs, and which critical business functions it supports.
  • Contextual Prioritization: Separating active threats from noise by analyzing severity, exposure, threat-chaining, and exploitability to inform operational decisions.
  • Machine-Speed Remediation: Combining Red Hat and IBM’s automated patch validation with Deloitte’s orchestration services to rapidly coordinate, test, and deploy validated fixes into production repositories, limiting disruption. To achieve this, Deloitte will maintain a bench of Forward Deployed Engineers (FDEs) to support ongoing remediation and maintenance of client applications.
  • Ecosystem Trust & Compliance: Through the collaboration, the organizations will help enterprises manage upstream open source and vendor relationships, including pre-disclosure vulnerability handovers, while delivering continuous, evidence-based reporting for boards, auditors, and regulators.

“Exploits don't wait for manual patching processes, and neither can enterprise response,” said Adnan Amjad, Deloitte’s US Cyber leader. “Together, we're enabling clients to operate at machine speed to identify, validate, and remediate vulnerabilities. This collaboration is about building the operational resilience needed to maintain trust across increasingly complex software ecosystems — creating systems that can withstand and neutralize risk without disrupting the business.”

“Lightwell was created to address the growing challenge of securing open source software in an AI-driven threat landscape,” said Savio Rodrigues, Vice President, Service Partners at IBM. “It brings together the engineering, automation, and ecosystem partnerships needed to tackle this risk at scale. We’re excited to collaborate with Deloitte and leverage their capabilities in cyber risk management to extend this model to more organizations.”

"Open source drives innovation, but the volume of AI-generated threats requires engineering capacity that matches the speed of the attacker," says Kevin Kennedy, Vice President, Global Partner Ecosystem at Red Hat. "Our work with Deloitte will bring the remediation capabilities we developed with IBM with Lightwell directly to enterprise application environments. Together we will isolate, patch, and deliver the fixes, supporting the open source ecosystem while protecting the specific versions our customers depend on."

As the pace of vulnerability discovery increases, organizations are looking for solutions that help reduce exposure while improving accountability across the software lifecycle. This collaboration aims to help clients do exactly that — transform software supply chain security from a fragmented, reactive process into a coordinated, evidence-based operating model.

This collaboration builds on the broader Deloitte and IBM relationship focused on helping clients address cybersecurity, resilience, digital trust, and other emerging technology risks. It also draws on the decade-long Deloitte and Red Hat alliance, which combines open source technologies and IT automation to help enterprises manage hybrid cloud complexity and accelerate business integration.

About Deloitte

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 9,000 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters for our people, clients, and communities. We bring together distinct talents, technologies, disciplines, and an ecosystem of alliances to help tackle today’s most complex business challenges and drive long-term progress. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 180 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s approximately 470,000 people worldwide connect for impact at www.deloitte.com.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

About IBM

IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to effect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. Visit www.ibm.com for more information.

About Red Hat

Red Hat is the open hybrid cloud technology leader, delivering a trusted, consistent and comprehensive foundation for transformative IT innovation and AI applications. Its portfolio of cloud, developer, AI, Linux, automation and application platform technologies enables any application, anywhere—from the datacenter to the edge. As the world's leading provider of enterprise open source software solutions, Red Hat invests in open ecosystems and communities to solve tomorrow's IT challenges. Collaborating with partners and customers, Red Hat helps them build, connect, automate, secure and manage their IT environments, supported by consulting services and award-winning training and certification offerings.
