Linux Foundation Launches Akrites To Coordinate AI-Driven Open Source Security (nerds.xyz)
(Thursday June 25, 2026 @05:00PM (BeauHD)
from the coming-together dept.)
- Reference: 0184094054
- News link: https://linux.slashdot.org/story/26/06/25/2031228/linux-foundation-launches-akrites-to-coordinate-ai-driven-open-source-security
- Source link: https://nerds.xyz/2026/06/linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find/
[1]BrianFagioli writes:
> The Linux Foundation has announced [2]Akrites , a new initiative to coordinate vulnerability disclosure and remediation for critical open source software as AI dramatically speeds up vulnerability discovery. Founding members include AWS, Google, Microsoft, OpenAI, Red Hat, NVIDIA, IBM, Cisco, JPMorganChase, and others. Akrites will provide a shared Security Incident Response Team (SIRT), a standardized coordinated vulnerability disclosure process, and [3]act as a "maintainer of last resort" for abandoned but widely used packages .
>
> The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited. As AI makes it easier to find security flaws, can a coordinated industry effort help protect open source, or does it risk giving large corporations too much influence over the ecosystem?
"Akrites is the largest coordinated effort in history to create systems and deploy tooling that leverages the collective power of the community to make everyone safer," the Linux Foundation said in an [4]open letter . "Akrites participants will contribute engineering resources; work to build and ship fixes; or fund the engineers who do. Some companies have contributed mightily already. The reality is, collectively, we need to contribute more."
[1] https://slashdot.org/~BrianFagioli
[2] https://akrites.org/
[3] https://nerds.xyz/2026/06/linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find/
[4] https://akrites.org/letter/
> The Linux Foundation has announced [2]Akrites , a new initiative to coordinate vulnerability disclosure and remediation for critical open source software as AI dramatically speeds up vulnerability discovery. Founding members include AWS, Google, Microsoft, OpenAI, Red Hat, NVIDIA, IBM, Cisco, JPMorganChase, and others. Akrites will provide a shared Security Incident Response Team (SIRT), a standardized coordinated vulnerability disclosure process, and [3]act as a "maintainer of last resort" for abandoned but widely used packages .
>
> The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited. As AI makes it easier to find security flaws, can a coordinated industry effort help protect open source, or does it risk giving large corporations too much influence over the ecosystem?
"Akrites is the largest coordinated effort in history to create systems and deploy tooling that leverages the collective power of the community to make everyone safer," the Linux Foundation said in an [4]open letter . "Akrites participants will contribute engineering resources; work to build and ship fixes; or fund the engineers who do. Some companies have contributed mightily already. The reality is, collectively, we need to contribute more."
[1] https://slashdot.org/~BrianFagioli
[2] https://akrites.org/
[3] https://nerds.xyz/2026/06/linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find/
[4] https://akrites.org/letter/
LLM driven security is a scam (Score:2)
by gweihir ( 88907 )
If does not work and cannot work. LLMs are both far too limited and far too unreliable to be useful. They can create a massive sense of false security though. And while they need to be run on software (because attackers will do it), that does not make that software secure.
Stop believing LLMs are magic. They are not.
I invented attribution (Score:2)
Oh, I thought the headline said "AI driven open-source scarcity", because nobody wants to work all day and night in the code mines only to have Dario F. Amodei steal your shit and present it as its own.