Seeing that we are in a time when new Linux exploits seem to be popping up every few weeks, many projects have had to take preventive measures to tackle the growing threat.Red Hat looks like the latest to act on this front. Fedora's recent announcement introduces Fedora Hummingbird, a new rolling release distribution that ships the entire OS as an OCI image.It is built on the security-first pipeline behind Project Hummingbird's existing container catalog, with the foundational project itself being something Red Hat introduced as an early access program for subscribers back in November 2025.The main idea behind the project is to ship a catalog of minimal, hardened, distroless container images kept at near-zero CVE status. When a vulnerability gets patched upstream, the build pipeline finds it, rebuilds the affected image, and ships it.Fedora Hummingbird is applying the same logic but to a full-size operating system, using a Konflux-based build pipeline, drawing over 95% of packages from Fedora Rawhide.Whatever Rawhide doesn't have yet gets pulled from upstream, and any fixes made along the way feed back into Fedora. Moreover, Red Hat's Product Security team maintains a vulnerability feed for each package, so instead of a generic CVE list, you get a clearer picture of what actually affects your setup.The kernel powering it is the Always Ready Kernel (ARK) from the CKI project, which follows mainline Linux and already ships in Fedora. And, to wrap up, all updates are atomic with rollback support, the root filesystem is read-only, and writable state stays in /var and /etc.How's it different from Fedora Atomic?If you're already running Silverblue, Kinoite, or any of the other Fedora Atomic Desktops, then the "immutable OS" moniker might feel familiar to you. But Hummingbird and those are not the same thing.Fedora's existing Atomic Desktops are rpm-ostree-based desktop variants built from the standard Fedora package set, released on Fedora's regular six-month cycle.They are built for end users who want a stable, immutable desktop experience.Fedora Hummingbird ships no desktop environment and is a rolling release that tracks Fedora Rawhide directly, built through its own dedicated pipeline where every package carries independent CVE tracking and its own lifecycle.The target here is developers and cloud-native workloads, not the desktop market.Download Fedora Hummingbird🚧This image is currently experimental and not suitable for production use.The image is available to download for the x86_64 and aarch64 platforms with no subscription or registration required. The project's source code lives on GitLab, and is open for contributions.The download page also has step-by-step instructions for spinning up a virtual machine.Fedora HummingbirdSuggested Read 📖: Dirty Frag Exploit Fixed in Fedora