
Linux Foundation and Industry Leaders Launch Akrites to Defend Critical Open Source Software Against AI-Enabled Cyber Threats

Source: Linux Foundation and Industry Leaders Launch Akrites to Defend Critical Open Source Software Against AI-Enabled Cyber Threats

Published Time: 2026-06-25T18:59:59.000Z


Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone and Zscaler join coordinated effort to find, fix and responsibly disclose vulnerabilities in open source software the world runs on

Summary

  • The Linux Foundation, joined by leading organizations, today announced Akrites, a coordinated effort to remediate and disclose vulnerabilities in critical open source software.
  • Akrites establishes a shared Security Incident Response Team (SIRT) and a single, standardized Coordinated Vulnerability Disclosure (CVD) process, built on confidentiality-first principles and industry-standard tooling.
  • Founding members commit engineering talent, security expertise and funding to harden the shared open source software that banks, hospitals, power grids, telecoms, governments, and AI labs depend on.
  • Organizations that contribute engineering resources or funding to the security of critical open source are invited to participate and can learn more at https://akrites.org.

SAN FRANCISCO, June 25, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced Akrites, a coordinated industry effort to harden the world’s most critical open source software in the era of AI-assisted vulnerability discovery. Backed by founding commitments from Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone and Zscaler, the initiative unites major technology companies, AI labs, financial institutions, and security vendors around a shared mission: to coordinate the remediation of vulnerabilities in widely used open source projects with upstream maintainers before those vulnerabilities can be exploited.

Open source software underpins virtually every layer of the modern digital economy, from banking and healthcare to energy, transportation, telecommunication, and government. Akrites enables industry coordination to support and defend critical infrastructure users and consumers of open source. Previously, finding and fixing serious flaws in open source software demanded comparable expertise from attackers and defenders alike. Today, frontier AI models can scan a major open source project and surface vulnerabilities in minutes. Once access to these capabilities is broadly available, bad actors who previously lacked the technical expertise to mount sophisticated attacks will have the tools they need to do so quickly.

To mark the launch, the founding signatories published a joint open letter to the technology industry, “We All Depend on Open Source. We Will Defend It Together.” The full letter is available at https://akrites.org/letter/.

In the past, security response involved a patchwork of organizations often working on the same problems independently, sometimes shipping conflicting patches or burying maintainers under duplicate reports. Akrites changes that model. The initiative provides a single, trusted place to coordinate, remediate and disclose, with a shared SIRT serving as a predictable partner for maintainers rather than a flood of uncoordinated reports. Akrites commits to working with critical infrastructure to support patch deployment before vulnerable systems can be targeted.

Confidentiality is central to the effort. Bug fixes flow back into each project’s original home, on maintainers’ terms. Where a critical package has no active maintainer, Akrites will serve as maintainer of last resort so fixes to the latest version reach everyone in a timely fashion. The initiative will also coordinate with government efforts so public and private defenders move together.

Alpha-Omega, a directed fund of the Linux Foundation, will provide seed funding to support Akrites. Other organizations that contribute engineering resources or funding to the security of critical open source are invited to participate. To learn more or to join, visit https://akrites.org.

Supporting Quotes

“Frontier AI models have given defenders the ability to find and fix vulnerabilities in open source software at a speed and scale that were never possible before. That's an enormous opportunity for defenders, and Akrites ensures we seize it together. Maintainers deserve a coordinated partnership, not a flood of reports. AWS is committed to securing the projects our customers depend on and building this shared infrastructure alongside the community.”

– Matt Wilson, Vice President and Distinguished Engineer, Amazon Web Services

"Open source projects collectively underpin much of the internet, and the existing model for coordinated disclosure has been outpaced by how quickly AI can now find vulnerabilities. Getting ahead of that requires the industry to coordinate on findings and get fixes upstream before they're disclosed and exploited. Efforts like Akrites drive this level of coordination at the scale and speed this moment requires."

– Jason Clinton, Deputy Chief Information Security Officer, Anthropic

"The software supply chain is only as strong as the upstream it draws from, and we see how thin that layer really is. As AI finds more vulnerabilities, the industry will rush to patch them. Without coordination, those fixes will fragment across different patches and forks, and maintainers who are already overwhelmed, unreachab
