Artificial intelligence is changing cybersecurity in ways that aren’t all positive. While AI can help security researchers identify software flaws faster than ever, it can also give attackers the same advantage. That’s the problem the Linux Foundation hopes to address with a new initiative called Akrites.
Akrites is a coordinated effort to help secure critical open source software before newly discovered vulnerabilities can be exploited. The project launches with backing from a long list of heavy hitters, including Amazon Web Services, Anthropic, Cisco, Google, IBM, Microsoft, NVIDIA, OpenAI, Red Hat, JPMorganChase, Citi, Sonatype, Vodafone, Zscaler, and several others.
If you’ve followed open source security over the years, the premise will sound familiar. Large companies often discover the same vulnerability at roughly the same time, then independently contact maintainers or develop their own fixes. That can create duplicate reports, conflicting patches, and extra work for developers who are often maintaining important software in their spare time.
Akrites aims to clean up that process. Instead of dozens of organizations working separately, the initiative establishes a shared Security Incident Response Team and a standardized coordinated vulnerability disclosure process. In theory, maintainers get one trusted partner instead of a flood of overlapping security reports.
One aspect that caught my attention is Akrites’ promise to act as a “maintainer of last resort” for abandoned but widely used open source packages. That’s an ambitious goal. Plenty of aging projects still power production systems around the world despite having little or no active maintenance.
The urgency is understandable. The companies behind Akrites argue that advanced AI models can now analyze large codebases and uncover potential vulnerabilities in minutes. Whether those same capabilities ultimately benefit defenders more than attackers remains an open question, but it’s clear the security landscape is changing quickly.
I think this effort has real potential, but success will depend on whether independent maintainers actually embrace it. Open source has never been short on corporate-backed security initiatives. What’s harder is earning the trust of the volunteers who maintain many of the projects everyone else depends on. If Akrites can make their lives easier without adding bureaucracy, it could become an important piece of the open source security ecosystem. If not, the impressive list of founding members won’t matter nearly as much.
For now, it’s an interesting response to a very real problem, and one worth watching as AI continues to reshape software security.