
Software industry leaders recognize the expanding threat posed by the use of AI to identify and exploit security vulnerabilities, particularly in open-source software.
In response, a range of AI and security leaders, as well as prominent customer organizations, are banding together to combat AI-powered exploits, collaborating on disclosure, response, and the development of hardened open-source software to prevent or mitigate AI-driven attacks.
Those leaders have launched an initiative called Akrites under the auspices of the Linux Foundation. Its objective is to coordinate the remediation of vulnerabilities in open-source software with the software's maintainers before those vulnerabilities can be exploited.
Akrites’ backers lend considerable weight to the initiative; they include Anthropic, Google, Microsoft, NVIDIA, and OpenAI, as well as large customers including Citi and JPMorganChase. See the full list of backers.
Critical Software
In launching Akrites, the Linux Foundation – which is also shepherding the critical Model Context Protocol (MCP) interoperability spec for AI – noted the importance of open-source software in today’s digital economy; it underpins core systems in banking, energy, healthcare, telecommunications, and transportation.
JPMorganChase views Akrites as “a mechanism that enables downstream operators of critical infrastructure so that fixes reach real systems before adversaries can turn disclosures into exploits,” said Pat Opet, the bank’s Chief Information Security Officer, who has openly called for greater security controls in the AI era.
Opet added, “And upstream, we owe maintainers a single, reliable signal: confirmed vulnerabilities, well-tested proposed fixes, and a predictable partner they can trust, rather than a flood of duplicative, conflicting reports.”
Akrites aims to fix precisely the issues that Opet calls out. Today, security response involves a patchwork of organizations working on the same problems in silos or flooding maintainers of open-source software with sometimes duplicate reports. Akrites changes that model: it’s a unified source to coordinate, disclose, and remediate security vulnerabilities. Leaders are pledging to work with critical infrastructure providers to support patch deployment before vulnerable systems can be targeted.
“The existing model for coordinated disclosure has been outpaced by how quickly AI can now find vulnerabilities. Getting ahead of that requires the industry to coordinate on findings and get fixes upstream before they’re disclosed and exploited,” said Jason Clinton, Deputy Chief Information Security Officer at Anthropic. “Efforts like Akrites drive this level of coordination at the scale and speed this moment requires.”
Akrites backers pledge to do the work with confidentiality: bug fixes will flow back into each project’s original home, on maintainers’ terms. Where a critical program has no active maintainer, Akrites will serve as maintainer of last resort so fixes to the latest version propagate in a timely fashion. They also said they will coordinate with government efforts so public and private defenders move together.
“Microsoft and GitHub will contribute expertise, resources, and AI technologies to help responsibly identify and fix vulnerabilities across the open source software ecosystem that customers and organizations depend on,” said Mark Russinovich, Azure Chief Technology Officer, Deputy Chief Information Security Officer and Technical Fellow at Microsoft.
A directed fund of the Linux Foundation, called Alpha-Omega, will provide seed funding to support Akrites. Other organizations that contribute engineering resources or funding to the security of critical open source are invited to participate. More information is available at the Akrites website.



