Deloitte partners with IBM and Red Hat on Lightwell to protect enterprises from AI-driven zero-day exploits by injecting automated, backported patches directly into production code.
On June 26, 2026, Deloitte joined IBM and Red Hat as an integration collaborator for Lightwell, a project launched in May 2026 with a $5 billion commitment.
With frontier AI models allowing adversaries to exploit zero-day vulnerabilities within minutes, traditional manual patching cycles can no longer keep up. Lightwell addresses this by decoupling open-source security remediation from disruptive software upgrade cycles. Instead of forcing massive version upgrades, Lightwell coordinates with upstream maintainers to develop, test, and backport cryptographically signed patches directly into the pinned software versions running in production.
Under this expanded collaboration, IBM, Red Hat, and Deloitte deliver end-to-end software supply chain security across four core areas:
-
Continuous Visibility & Discovery: Mapping code ecosystems to identify existing software and the critical business operations it supports.
-
Contextual Prioritisation: Filtering out alert noise to isolate active, high-severity threats from un-exploitable vulnerabilities.
-
Machine-Speed Remediation: Combining automated patch validation with orchestration services to deploy fixes with minimal downtime.
-
Ecosystem Compliance: Providing evidence-based reporting to meet strict regulatory standards like DORA and PCI DSS 4.0.
To ensure smooth enterprise adoption, Deloitte will maintain a dedicated team of Forward Deployed Engineers. This initiative builds on Deloitte’s long-standing alliances with both Red Hat and IBM, providing a scalable solution tailored for highly complex and heavily regulated software environments.
