AIToday

Linux Foundation launches Akrites to patch open-source flaws before AI exploits them

THE DECODER · 1d ago · 6 min read

Key takeaway

The Linux Foundation has launched Akrites, a coordinated initiative with about twenty major tech companies to patch security vulnerabilities in open-source software before AI tools can exploit them. Because AI models can now find flaws in large projects in minutes instead of weeks, the industry faces a critical window to fix bugs faster than attackers can weaponize them. The initiative consolidates scattered vulnerability reports into a single response team that coordinates fixes with maintainers and steps in to patch critical packages that lack active maintainers.

3 Key Points

  • What happened

    The Linux Foundation announced Akrites, a coordinated industry initiative bringing together about twenty tech companies—including Amazon Web Services, Anthropic, Google, IBM, Microsoft, NVIDIA, and OpenAI—to fix security vulnerabilities in widely used open-source software before attackers can exploit them. At its core is a shared Security Incident Response Team that acts as a single point of contact for maintainers instead of dozens of organizations independently reporting the same flaws.

  • Why it matters

    AI models can now scan large open-source projects in minutes instead of weeks, exposing flaws far faster than before. This shifts the balance: attackers without deep technical skills will soon have the tools for sophisticated exploits. Currently, fewer than five percent of validated open-source vulnerabilities from recent months have been patched, and maintainers get buried under duplicate reports while real bugs get lost in noise. A shared response team aims to cut through this inefficiency.

  • What to watch

    When a critical package no longer has an active maintainer—a common problem in volunteer-run projects—Akrites plans to step in as a "maintainer of last resort" and ship fixes itself so patches reach all users in time. Seed funding comes from Alpha-Omega, a directed fund under the Linux Foundation, and other organizations can contribute engineering resources or funding.

FAQ

Which companies are founding members of Akrites?
Founding members include Amazon Web Services, Anthropic, Cisco, Citi, Google, IBM, JPMorganChase, Microsoft, NVIDIA, OpenAI, Red Hat, the Rust Foundation, Vodafone, and Zscaler.

What is the core problem Akrites is trying to solve?
Many organizations scan the same open-source packages independently and report the same findings multiple times, delivering conflicting patches. Maintainers get buried under duplicates while real, exploitable bugs get lost in AI-generated noise. Currently, fewer than five percent of validated open-source vulnerabilities from recent months have been patched.

How does Akrites protect vulnerability details from being leaked?
Akrites uses Coordinated Vulnerability Disclosure with confidentiality at its core: every report starts at TLP:RED, the highest classification level, and only the assigned case team can access it. This way, details about a flaw do not leak before a patch is ready.
