During the Red Hat Summit 2026 It has been presented one of the most groundbreaking bets within the Fedora ecosystem: Fedora Hummingbird, a rolling-release, image-based Linux distribution designed for AI agents and developers living in containersIt's not "just another Fedora," but a very serious experiment to bring the distroless model and container security best practices to the host operating system itself.
This new system starts from an ambitious goal: Minimize vulnerabilities (CVEs) as much as possible in both container images and the operating systemWhile offering Fedora Rawhide's own update speed, but packaged in the form of OCI images, with atomic updates, integrated rollback, and a very clear focus on the world of automation and AI agents.
What is Fedora Hummingbird and what makes it different?
Fedora Hummingbird is, in essence, a rolling-release Linux distribution based on imagesUnlike traditional RPM-based Fedora systems installed in the classic way, here the system is built and distributed as if it were a container, but with everything necessary to be a complete host: kernel, user space, services and basic tools.
The underlying idea is clear: Combine Project Hummingbird's distroless model with a complete operating system that can be used in virtual machines, bare metal, or even as a host for other containers.This results in a coherent environment that is easy to update and has a more controlled attack surface, which is key in environments where multiple runtimes and versions are deployed simultaneously.
Within the Fedora community, Hummingbird is presented as An advanced experimental space for image-based systems, continuously maintained and oriented towards a future where AI agents play a leading role in the software lifecycleIt does not replace other editions such as Silverblue, Kinoite or Fedora CoreOS, but it does open the door to an even more integrated model with automatic pipelines and security by design.
Project Hummingbird: the origin of the Distroless approach
To understand Fedora Hummingbird, you have to start from its root: Project Hummingbird, the initiative focused on building minimalist, hardened container images with the explicit goal of approaching zero CVEThe entire architecture design, from the package set to the build tools, is geared towards reducing the attack surface and automating vulnerability management.
The most striking thing is the commitment to "distro-less" imagery: They do not include a package manager, shell, or generic utilities; they contain only the application and the dependencies strictly necessary to run it.This prevents you from downloading unnecessary components riddled with potential CVEs that you then have to manage manually.
The philosophy is that, When you pull a Hummingbird image, the pipeline has already done the dirty work: CVE triage, patching, rebuilding, and releasing the new version.This saves you a good portion of the typical container vulnerability nightmare. Furthermore, the CVE status by image and variant is published in near real-time in the Hummingbird catalog, so you know exactly where you stand.
In these months of work, the team has assembled a catalog with 49 unique distroless images and 157 variants, including FIPS and multi-architecture buildsThey cover widely used runtimes such as Python, Go, Node.js, Rust, Ruby, OpenJDK, .NET, as well as services like PostgreSQL or nginx, among many others.
Catalina technical: how Hummingbird images are constructed
Behind this catalog there is A Konflux-based pipeline designed to deliver isolated, reproducible, and easily incrementally updated buildsThe system works with pinned package lists, which allows you to rebuild the exact same image, track changes, and ensure long-term consistency.
To reduce the cost of upgrades, the team has developed Chunkah, a tool that allows you to download only the modified parts of an imageThis avoids having to download the entire image set again with each update. It's a very practical approach in environments where images are constantly deployed in clusters or hybrid clouds.
Safety is a pillar: The images are continuously scanned with Syft and Grype, detecting vulnerabilities as soon as they are reported and applying patches as soon as they are available upstream.The moment a fix lands in the corresponding project, the pipeline triggers the rebuild, runs the tests, and publishes the new image.
Another key element is the relationship with Fedora Rawhide: Over 95% of the packages in each Hummingbird image come directly from Fedora Rawhide, unmodified.When Rawhide doesn't yet include a new enough version, the system pulls directly from upstream, and the team collaborates by rolling changes back to Fedora, closing the circle between experimentation and the base distribution.
The so-called “Hummingbird factory” compiles the packages so that each one has its own identity, independent lifecycle, distinct patching policy, and its own vulnerability feedMaintained by the Red Hat Product Security team, each package includes machine-readable vulnerability data that indicates not only which CVEs exist, but which ones actually affect a specific workload.
From container to operating system: Fedora Hummingbird as an OS in image
The same security and maintenance challenges identified in user space also appear at the operating system layer. Therefore, The next logical step for Project Hummingbird has been to apply this same approach to the host: thus Fedora Hummingbird is born as a complete operating system in the form of an OCI image.
The image of Fedora Hummingbird is publicly available at quay.io/hummingbird-community/bootc-osIt is built using the same Konflux pipeline and RPM tightness as the rest of the Hummingbird catalog. It already supports x86_64 and aarch64 architectures, making it suitable for both traditional servers and newer ARM environments.
The objective is that This image can run in containers, virtual machines, and bare metal deployments, with consistent behavior in all cases.This aligns with Fedora's bootable containers initiative, which proposed delivering the operating system itself as a container image, with an atomic upgrade model and rollback in case of problems.
In this layout, The root of the file system is read-only, while the entire modifiable state lives in /var y /etccompletely separate from the system image content. This separation reduces configuration drift, eliminates partial update states, and makes rollbacks reliable.
The ARK kernel and integration with the CKI project
Under the hood, the Fedora Hummingbird leans on ARK (Always Ready Kernel), from the CKI (Continuous Kernel Integration) project, which closely follows Linus Torvalds' mainlineThis kernel is already used today in Fedora, but in Hummingbird it takes on a key role as the basis of a system that is continuously updated.
The great value of CKI is that It not only offers a carefully curated kernel configuration, but also an entire engineering and testing framework built around a high-speed kernel flow.This allows for the rapid adoption of new core kernel features without losing sight of stability, a delicate balance when prioritizing upstream speed.
Thanks to this combination, Fedora Hummingbird can offer an environment that is always up-to-date in terms of kernel, but with a level of automated testing that is difficult to achieve in more manual modelsFor developers who rely on new kernel capabilities (for example, in containers, networking, storage, or support for newer hardware), this approach is particularly attractive.
Fedora Hummingbird Linux: a rolling distribution for AI agents and developers
Red Hat defines Fedora Hummingbird Linux as A container-native, rolling-release Linux operating system designed for "builders" of the agentic era: human developers and AI agents who need to deploy environments almost instantaneously.The key is that it avoids classic release cycles and six-month or longer lock-ins, embracing continuous updates from upstream communities.
One of the most differentiating points is that Hummingbird is designed so that it is chosen by the AI agents themselves during the experimentation phase.In a scenario where an agent needs to quickly set up an environment, any manual registration, form, or verification creates a bottleneck. That's why Fedora Hummingbird Linux can be downloaded without registration, using anonymous pulls designed for automated deployments in hybrid clouds and lab environments.
This model turns Hummingbird into a kind of "default operating system" for agents whose sole purpose is to set up a test environment as quickly as possibleFrom there, the natural path points towards production environments governed by Red Hat Enterprise Linux and OpenShift Virtualization, where classic enterprise support comes into play.
In the words of Red Hat itself, The Linux market has forked: operations teams need the decades-long stability of RHEL, while developers (humans and agents) demand upstream speed and image-based workflows.Fedora Hummingbird Linux is positioned precisely at that second extreme, as a reference platform for the software that will build the future of business.
A “lights out” software factory powered by AI agents
One of the most striking new features is that Much of the maintenance and integration of new features in Fedora Hummingbird Linux is done by AI agents, with human supervision.Red Hat describes the process as a lights-out “software factory”, meaning it is highly automated and capable of functioning virtually without direct intervention.
This allows the distribution It advances at the pace of the AI ecosystem, something impossible to match with traditional manual packaging.The combination of agents that automate repetitive tasks (CVE triage, patch generation, integration of new versions) and human reviews at critical points seeks to balance speed and security.
From a security standpoint, Hummingbird relies on the same automated infrastructure and Konflux pipelines that underpin Red Hat Hardened ImagesThis means that the languages, runtimes, databases, and tools served from these images are free of known CVEs and accompanied by complete SBOMs (Software Bill of Materials), something highly valued in supply chain audits.
Frictionless onboarding and a path to enterprise production
In the so-called "agentic era", the first decision about which operating system to use is no longer always made by a person: An AI agent can choose the distribution during the testing phase of a projectIf that agent encounters registrations, licensing requirements, or access barriers, innovation is stifled. Fedora Hummingbird Linux was created to circumvent those obstacles.
Therefore, the distribution It allows anonymous pulls and supports ultra-fast deployments, eliminating the registration walls that often slow down agents and highly automated CI/CD workflows.This makes it an extremely convenient option for laboratories, prototypes, and proof-of-concept testing in the cloud.
Red Hat, however, is not just experimenting: plans to offer a Cooperative Community Support model associated with the Red Hat subscriptionso that Hummingbird users can quickly find and take advantage of community resources while also connecting with the enterprise support ecosystem.
The medium-term vision is that Hummingbird acts as a "toll-free" gateway from the developer's laptop to serious cloud testing, and from there, without the need for traumatic migrations, to the RHEL and OpenShift world for production workloads.Thus, the entire journey is covered: free experimentation, consolidation, and finally, governed deployment.
Differences between Fedora Hummingbird Linux and AI-oriented Red Hat Desktop
During the same Red Hat Summit, the following were presented: Two different Linux desktop proposals for the world of AI: the new Red Hat Desktop, focused on developers with a governed environment, and Fedora Hummingbird Linux as a free and rolling-release option for builders and agents.Although they complement each other, they play different roles.
The new Red Hat Desktop It is based on Red Hat's build of Podman DesktopIts purpose is to facilitate the creation, management, and deployment of containers on Linux, macOS, and Windows. It is built on Red Hat Hardened Images and Red Hat Trusted Libraries, offering a strong focus on security and alignment with OpenShift environments.
At that desk, OpenShift Dev Spaces provides an extensible framework for integrating AI assistants directly into the cloud IDE.It includes a technical preview of the AWS Kiro code assistant, as well as integrations with Microsoft Copilot, Claude CLI, Cline, Continue, Roo, and others. The message is clear: develop with the assistant of your choice, whether proprietary or open source.
Another interesting element is Kaiden, an open source solution for isolating AI agents in sandboxesThis allows you to test agents and their actions on your own local machine, minimizing the risk of an agent's erroneous decision crashing the host system. For those who experiment extensively with autonomous agents, it's a lifesaver.
Red Hat Advanced Developer Suite also includes AI-powered exploit intelligence capabilitiesThese tools help determine whether a known vulnerability in AI-generated code actually affects a specific runtime environment. This allows for prioritizing remediation and mitigation based on the actual risk, not just the existence of the CVE.
Meanwhile, Fedora Hummingbird Linux is positioning itself as a free distribution, “free as in beer and free as in freedom”, rolling-release, designed as the default operating system for agents and automated workflowsIt does not follow frozen release cycles, but delivers updates from upstream as soon as they are ready.
Red Hat also plans that Fedora Hummingbird Linux is offered as the default option in developer-focused cloud providers.These are typical environments where small personal projects or proofs of concept are started. Red Hat Desktop, on the other hand, acts as the governed development environment that best reflects production on RHEL and the rest of the Red Hat AI family.
Relationship with Fedora, Fedora CoreOS and the community
Fedora Hummingbird is not born in isolation: Multiple members of the Hummingbird team are already contributors and maintainers of packages on Fedora., including fundamental pieces like Podman and other container tools critical to the Linux ecosystem, as well as part of the team behind Fedora CoreOS.
The jobs in Fedora bootable containers laid the technical foundation for Fedora HummingbirdMany of the people involved in that initiative are still pushing the Hummingbird project, but with a broader vision: to consolidate a complete operating system delivered as an image.
The stated intention is Integrate Hummingbird into the Fedora Project so that it can grow and benefit from the same community ecosystemIn fact, the Hummingbird pipeline already builds and publishes a set of images based entirely on Fedora Rawhide. quay.io/organization/hummingbird-rawhide, which strengthens the connection.
Part of the current work focuses on Reduce the mix between Hummingbird-built RPMs and standard Fedora packages within the imageto fully align the technological foundation. It is precisely at this point that community collaboration becomes most valuable, both for refining the model and for extending it to new scenarios.
In addition, the team is already bringing Fedora back. Container-specific optimizations, fixes found in .spec files, and improvements that benefit the entire distributionThe vulnerability feed that accompanies Hummingbird packages is also considered a potentially interesting contribution to the rest of the Fedora ecosystem.
Current status, prototypes and ecosystem surrounding Hummingbird
The Fedora Hummingbird bootc OS image It launches today and can be tried without registration, subscriptions, or license management tools like subscription-manager.The code is public, the pipeline is live, and the team encourages more people to get on board to put the system to real-world testing.
They already exist CoreOS-style desktop and base prototypes on HummingbirdDriven by members of the community and developers involved in projects like Universal Blue, "CoreOS Desktop" base images have been created in a single day from Fedora RPMs. These images boot successfully and serve as proof that the approach is viable and closer to reality than it seems.
In this context, changes in plans for community projects have been explained, such as the abandonment of stable→testing→next branch schemes in favor of targeted testing branches and a more decisive focus on sealed images and HummingbirdThe idea is that this new ecosystem will attract a contributor profile enthusiastic about experimenting with next-generation operating system models.
The community is already actively discussing these ideas in Specific threads, special interest groups (SIGs), and open conversation channelsThe atmosphere is typical of Fedora: lots of experimentation, technical debate, and an explicit invitation for anyone who wants to get involved, whether by testing images, reporting bugs, or contributing code.
How to start trying Fedora Hummingbird today
For those who want to start tinkering right away, the team proposes A quick boot flow in a virtual machine using Podman, bootc-image-builder, and virt-install, taking advantage of the image available in Quay.
The general steps consist of Pulling the Hummingbird bootc OS image from quay.io using podman, then run the container of bootc-image-builder with the appropriate volumes to generate an image qcow2 with ext4 file system, and place that image in the libvirt storage path.
Then, renaming the file disk.qcow2 to a more descriptive name and using virt-install with simple parameters (memory, vCPUs, disk, network and VNC graphics)You can quickly set up a Fedora Hummingbird virtual machine. It's not a traditional installer; you're essentially booting directly from a pre-assembled image.
From there, one is encouraged to Test the system, review its behavior, validate updates, and report any unusual behavior.Feedback is especially valuable in these early stages, when the integration between the traditional Fedora world and the Hummingbird images world is still being fine-tuned.
Participation, contribution and the future of the project
Anyone who dares to go beyond the simple test can Open issues, suggest improvements, or submit contributions directly to the project repository, which currently resides at gitlab.com/redhat/hummingbird/containersOne of the next planned steps is precisely to migrate and establish the project within Fedora's own infrastructure.
Furthermore, There are introductory sessions and GIS-driven meetings related to Hummingbirdwhere the technical model is explained, questions about the pipeline, security or integration with tools like Podman are answered, and efforts between Red Hat and the Fedora community are coordinated.
In terms of vision, it is expected that Fedora Hummingbird becomes the laboratory where the community tests new image-based system models and continuous maintenance, before those ideas end up influencing the rest of the Linux ecosystemFedora has always played that role of "testing ground" for technologies that later end up dominating the business landscape.
Taken together, Fedora Hummingbird and its associated ecosystem paint a picture a future where operating systems are built and maintained much like modern containers: minimalist images, automated pipelines, built-in security, and update cycles that keep pace with today's frenetic software, both for developers and for AI agents who need ready-to-fly environments.
