IBM and Red Hat say AI is making traditional patching too slow

Artificial intelligence is making software development faster, but it is also giving attackers new tools to find vulnerabilities at a pace many organizations simply are not prepared to match.

That is the message behind a new collaboration involving IBM, Red Hat, and Deloitte, which aims to help enterprises respond to software vulnerabilities faster without forcing disruptive upgrades across production environments.

The companies argue that traditional patching workflows are becoming increasingly difficult to sustain as AI tools help researchers and criminals alike discover weaknesses in software more quickly than ever before. Waiting weeks or months for a new software release may no longer be acceptable when exploits can potentially appear within hours of a flaw becoming public.

To address that problem, IBM and Red Hat created an initiative called Lightwell. Rather than requiring organizations to jump to newer software versions to receive security fixes, the project focuses on developing and validating patches for the exact versions businesses are already running in production.

For many enterprises, that distinction matters. Upgrading software is rarely as simple as clicking an update button. A new version can introduce compatibility problems, require extensive testing, or create downtime for critical systems. As a result, organizations often delay upgrades, leaving older but stable deployments exposed to known vulnerabilities.

Lightwell attempts to separate security fixes from the normal upgrade cycle by backporting patches directly to those existing deployments.

Deloitte’s role is to help operationalize the process for customers through integration services and dedicated engineering support. The company says it will provide teams of engineers to assist organizations with testing, deployment, and long-term maintenance of those fixes.

The broader issue extends beyond any one partnership. Modern applications often contain a mix of internally developed code, open source components, and commercial software from multiple vendors. A single vulnerability buried deep in that stack can quickly become a problem for thousands of organizations.

Open source software remains one of the foundations of the modern technology industry, but maintaining it has always depended heavily on the time and effort of individual developers and small teams. If AI is allowing attackers to move faster, defenders may need similar levels of automation simply to keep pace.

Whether initiatives like Lightwell can scale enough to make a meaningful difference remains an open question. What seems increasingly clear, however, is that the old model of manually tracking vulnerabilities and slowly rolling out upgrades may not survive the AI era unchanged.

Written by

Brian Fagioli

Technology journalist and founder of NERDS.xyz

Brian Fagioli is a technology journalist and founder of NERDS.xyz. A former BetaNews writer, he has spent over a decade covering Linux, hardware, software, cybersecurity, and AI with a no-nonsense approach for real nerds.
