Corporate applications operate on a combination of internal code alongside commercial and open source software. Flaws within this matrix allow adversaries using frontier artificial intelligence models to discover zero-day exploits. To mitigate this exposure, Deloitte, an organization offering cyber risk services and secured software supply chain architecture, joined an integration agreement with IBM, a technology vendor deploying enterprise open source security models, and Red Hat, an IT automation software developer. The agreement expands Lightwell, a security framework operated by the two technology providers to protect the software supply chain against automated cyber threats.
The Lightwell framework separates security remediation from the standard software upgrade cycle. The initiative coordinates upstream threat disclosures with independent software maintainers to test and backport patches. These validated fixes go to the specific pinned software versions running in production environments. This method secures critical systems without forcing full application upgrades.
Under the expanded collaboration, Deloitte will provide orchestration services to map code and analyze threat exposure. The firm will also maintain a group of Forward Deployed Engineers to support ongoing patch deployment. The three entities will manage pre-disclosure vulnerability handovers while producing evidence-based compliance reporting for auditors and corporate boards.
“Exploits don't wait for manual patching processes, and neither can enterprise response,” said Adnan Amjad, Deloitte’s US Cyber leader. “Together, we're enabling clients to operate at machine speed to identify, validate, and remediate vulnerabilities. This collaboration is about building the operational resilience needed to maintain trust across increasingly complex software ecosystems — creating systems that can withstand and neutralize risk without disrupting the business.”
“Lightwell was created to address the growing challenge of securing open source software in an AI-driven threat landscape,” said Savio Rodrigues, Vice President, Service Partners at IBM. “It brings together the engineering, automation, and ecosystem partnerships needed to tackle this risk at scale. “We’re excited to collaborate with Deloitte and leverage their capabilities in cyber risk management to extend this model to more organizations.”
"Open source drives innovation, but the volume of AI-generated threats requires engineering capacity that matches the speed of the attacker," says Kevin Kennedy, Vice President, Global Partner Ecosystem at Red Hat. "Our work with Deloitte will bring the remediation capabilities we developed with IBM with Lightwell directly to enterprise application environments. Together we will isolate, patch, and deliver the fixes, supporting the open source ecosystem while protecting the specific versions our customers depend on."
The Lightwell expansion builds upon a decade-long alliance between Deloitte and Red Hat focused on managing hybrid cloud complexity and accelerating business integration.
