Formerly known as Wikibon

Red Hat Summit 2025 Preview – Reinforcing Software Supply Chain Security and AI Application Safety Through Enterprise-Grade Open Source Innovation

As a preview to Red Hat Summit 2025, Red Hat provided a briefing that spotlights securing the AI-powered enterprise, with a clear focus on software supply chain security and safety of AI models and AI-enabled applications. Red Hat emphasized its commitment to delivering enterprise-grade open source solutions that are not only scalable and interoperable but secure by design, reinforcing the notion that open innovation can coexist with stringent security postures.

Trusted Software Supply Chain From Code to Deployment

A key area I expect to see highlighted is the Red Hat Trusted Software Supply Chain portfolio, now available to customers, offering a prescriptive and comprehensive framework to build, verify, and deploy trusted software across hybrid environments. As organizations face rising threats in their software delivery pipelines, with 62% of enterprises reporting software supply chain attacks in the past year, Red Hat’s approach enables integrity and provenance checks using Sigstore, SBOMs, and policy-based validation across the DevSecOps lifecycle.

This portfolio tightly integrates with Red Hat OpenShift, Ansible Automation Platform, and Red Hat Advanced Cluster Security to sign, verify, and enforce policies at each phase of the development pipeline, meeting emerging regulations like NIST SSDF and Executive Order 14028.

Securing AI Across the Lifecycle

With AI adoption accelerating — 83% of enterprises expected to use AI in production by 2026 — security risks are evolving. Red Hat looks to unveil a strategy to secure AI models throughout the entire lifecycle:

  • Build/Train: Leveraging trusted base container images, Red Hat ensures that models are built on secure foundations, with embedded SBOMs and model lineage tracking.
  • Deploy: Integration with Trusted AI pipelines allows for enforcement of policy and security validations before deployment.
  • Run: Runtime integrity and observability tools help monitor inference behaviors using Red Hat OpenShift AI and partner tools like TrustyAI and LMEval, providing visibility into model bias, drift, and explainability, key to compliance and risk mitigation.

This aligns with recent concerns: 78% of data leaders cite AI explainability and safety as a major challenge to scaling enterprise AI.

Moving Forward with AI

Building AI agents requires a strategic approach to model selection, development, and deployment. Most organizations are not going to build their own foundation model. Red Hat’s solution focuses on providing a curated model registry that helps developers choose verified and secure AI models. By offering a centralized catalog with detailed model attributes, developers can quickly identify models that meet their specific requirements, reducing the complexity of model selection.

To simplify the AI development process, Red Hat leverages developer hub templates and golden path approaches that automate much of the software supply chain security. These templates include pre-configured pipelines for AI model development, integrated security guardrails, and built-in compliance checks. The goal is to reduce friction in the AI development lifecycle by providing developers with a streamlined, secure framework that supports everything from model selection and fine-tuning to deployment and runtime monitoring. This approach accelerates AI application development and ensures that security and safety considerations are embedded throughout the process.

Investing in the Future with Post-Quantum, Confidential Computing, and Zero Trust

Red Hat also emphasized forward-looking security investments in areas like:

  • Post-Quantum Cryptography (PQC): With NIST expected to finalize PQC standards in 2025, Red Hat is contributing to community efforts and enabling crypto-agility in its platforms to help customers prepare.
  • Confidential Computing: Using Intel SGX, AMD SEV, and Kubernetes-native confidential workloads on OpenShift, customers can protect sensitive AI inference and training data.
  • Zero Trust Architectures: Red Hat integrates identity-aware access, microsegmentation, and continuous verification into OpenShift and RHEL, aligning with federal Zero Trust mandates.

A Community Approach to Security

Finally, Red Hat reaffirmed the value of its ecosystem, collaborating with ISVs, CSPs, and partners like IBM Research, Intel, Lockheed Martin, and Snyk to provide layered defenses and validated integrations. With over 1,500 certified partners and open source community stewardship, Red Hat amplifies the collective effort to secure the open source software supply chain at scale.

From an analyst perspective, Red Hat’s Trusted Software Supply Chain represents a significant step forward in helping enterprises operationalize DevSecOps at scale, not just as a philosophy, but as a measurable practice embedded throughout the software development lifecycle (SDLC). In an environment where software supply chain attacks and AI model tampering are growing in frequency and complexity, Red Hat is wisely focusing on enabling organizations to securely build, integrate, and deploy both traditional applications and AI-enabled workloads.

What makes this approach noteworthy is its balance of developer productivity and security rigor. By allowing teams to safely consume and reuse open source and third-party libraries, including AI models, while maintaining full visibility into software provenance, SBOMs, licensing, and vulnerabilities, Red Hat provides the foundational controls enterprises need to manage their supply chain risk profiles. 

The emphasis on software integrity and policy enforcement aligns closely with new regulatory mandates and industry standards, positioning Red Hat as a pragmatic leader in bringing security, compliance, and innovation into alignment. This is a timely and strategic investment that meets the enterprise market where it is today, and where it’s clearly headed.

Analyst Take

Red Hat is positioning itself as a foundational enabler of secure, AI-driven digital transformation grounded in open-source, cloud-native principles. In an era where AI and software supply chains are the new attack surfaces, the Trusted Software Supply Chain portfolio and AI lifecycle security tools respond directly to the needs of enterprise AppDev teams. 

Looking ahead to Red Hat Summit in May 2025, a key point to understand is how Red Hat’s continued investment in next-gen cryptography, confidential AI, and Zero Trust gives customers a future-ready runway to build and operate AI applications with confidence.

We are also expecting much more around AI. With its parent company, IBM, Red Hat is driving much of what is happening in open source AI. Beyond delivering all aspects of the security and AI platform as Kubernetes operators, we expect to see how organizations use this technology on-premises and in Red Hat Cloud deployments in hyperscaler clouds.

Stay tuned to theCUBE research for more preview material as we approach Red Hat Summit.
