Seville, Spain
Seville, Spain
+(34) 624 816 969
In a move that redefines enterprise security, IBM, Red Hat, and Palo Alto Networks have announced a strategic collaboration to protect open source software (OSS) from the most advanced threats, including those driven by artificial intelligence. This alliance combines the remediation expertise of IBM/Red Hat's Project Lightwell with Palo Alto's network-based virtual patching technology, offering businesses proactive, real-time defense.

Table of contents [Show]
Announced in May, Project Lightwell is a $5 billion project that IBM and Red Hat describe as “a center of enterprise trust combined with a global force of engineers to identify and fix vulnerabilities at scale.” Using advanced AI capabilities, this center validates and tests solutions across an unprecedented volume of open source code. Enterprises will be able to access these capabilities through commercial subscriptions, integrating secure patches directly into their software supply chains with enterprise-level validation and lifecycle management.
Nikesh Arora, CEO of Palo Alto Networks, noted that “AI has compressed the time between vulnerability discovery and exploitation from weeks to minutes. Traditional patching cannot keep pace.” This alliance aims to return the advantage to defenders by neutralizing threats on the network while ensuring business continuity. The collaboration builds on the long-standing relationship between IBM and Palo Alto, who have already worked together on services like Quantum-Safe Readiness and AI risk assessments in the cloud.

The initiative includes three fundamental pillars:
Additionally, the companies plan to establish secure processes for sharing vulnerability information among software vendors, technology providers, and security teams, accelerating the development of protections and providing anonymized telemetry on real exploitation attempts.
Open source software underpins modern enterprise infrastructure: more than 90% of Fortune 500 companies rely on OSS, according to a Worldmetric study cited by IBM. Project Lightwell already has early adopters such as Bank of America, BNY, Citi, Goldman Sachs, JPMorgan Chase, Mastercard, Morgan Stanley, RBC, State Street, Visa, and Wells Fargo. This alliance not only protects these institutions but sets a standard for software supply chain security.

This collaboration adds to other IBM and Red Hat security initiatives, such as the integration with Nvidia for confidential computing or time management solutions that also require secure environments. The combination of virtual patching and automated remediation represents a significant advance against the challenges posed by AI, as discussed in articles on the impact of AI on open source.
For businesses, this alliance means being able to trust that their critical systems are protected even before official patches are released, reducing the window of exposure to attacks. As with SAS's mature analytics, security also requires pragmatism and proven solutions.
Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.