en.Wedoany.com Reported - Technology companies Anthropic, Amazon Web Services (AWS), IBM, and Microsoft jointly announced a collaborative initiative to identify, disclose, and remediate security vulnerabilities in open source software.

The organization, named Akrites, has a core mission of establishing shared security incident response teams and improving coordinated vulnerability disclosure processes. The alliance is led by the Linux Foundation, and founding members will contribute substantial resources, including funding, engineers, and cybersecurity expertise.
Officials stated that this initiative is primarily driven by advanced AI models, which have significantly accelerated the ability to discover vulnerabilities in critical software applications. Meanwhile, in recent months, malicious actors have demonstrated the capability to weaponize AI for sophisticated attacks. The existing open source ecosystem cannot discover and remediate vulnerabilities fast enough to protect millions of users from potential attacks. The organization outlined some of these concerns in an open letter to the industry.
"Artificial intelligence has disrupted the previous balance between attackers and defenders, reshaping the landscape of software usability and reuse," the alliance wrote in the letter.
Christopher Robinson, Chief Technology Officer of the Open Source Security Foundation and Chief Security Architect at the Linux Foundation, stated that Akrites aims to address some systemic challenges the open source community faces in developing coordinated vulnerability disclosure processes. He noted that the emergence of large language models and sophisticated scanning tools in recent years has exacerbated these historical challenges.
"Upstream projects are inundated with vulnerability reports of varying quality, far exceeding the capacity of these volunteer developers to assess and follow up," Robinson told Cybersecurity Dive.
Seed funding for Akrites will be provided by Alpha Omega, a directed fund under the Linux Foundation. Other organizations are being asked to contribute additional resources or engineering talent.
In recent years, the open source community has grown increasingly concerned that traditional maintainers cannot quickly discover and disclose vulnerabilities, thereby failing to prevent widespread supply chain attacks. Varun Badhwar, co-founder and CEO of Endor Labs, told Cybersecurity Dive that just one month after the announcement of Project Glasswing, over 23,000 vulnerabilities were discovered, affecting approximately 1,000 open source projects. Of these, about 6,000 were considered high-severity or critical vulnerabilities. Additionally, Glasswing's partners identified another 10,000 high-severity or critical flaws. However, to date, only 5% of these vulnerabilities have been remediated.
"No volunteer ecosystem can withstand such an impact," Badhwar said.
Other founding companies of Akrites include Cisco, Citigroup, JPMorgan Chase, Nvidia, OpenAI, Ericsson, and others.