A new, Linux Foundation–led initiative called Akrites launches to protect open-source software from AI‑driven vulnerability discovery and rapid exploitation, with a goal of hardening critical OSS across industries.

Akrites invites additional organizations to join, expanding a coordinated industry effort to defend the software supply chain against AI-enabled threats.

The program establishes a standardized Coordinated Vulnerability Disclosure process and a shared Security Incident Response Team to coordinate remediation and confidential disclosure with upstream maintainers.

Confidentiality is central: bug fixes flow back to original projects on maintainers’ terms, and Akrites can serve as maintainer of last resort for critically unmaintained packages to ensure timely fixes.

Benefits include faster upstream fixes, protection of critical infrastructure, and a scalable model to defend sectors like banking, healthcare, energy, and government.

Focus is on rapid patch deployment and coordinating with critical infrastructure admins to accelerate rollouts once updates are public, outpacing AI-enabled exploit development.

Akrites aims to reduce duplicated effort and patch fragmentation by providing a central coordination point and a joint SIRT to handle vulnerabilities before public disclosure, coordinating upstream.

The initiative seeks to prevent patch fragmentation and duplicate reports by offering a trusted centralized channel for vulnerability coordination with government alignment between public and private defenders.

More information and joining details are available at akrites.org, including the launch letter and contact channels.

Founding commitments come from a broad coalition of tech companies, AI labs, financial institutions, and security vendors, including AWS, Anthropic, Cisco, Citi, Google, IBM, Microsoft, NVIDIA, OpenAI, Red Hat, Rust Foundation, Vodafone, Zscaler, and others.

Founders include major tech players (AWS, Anthropic, Cisco, Google, IBM, Microsoft, GitHub, NVIDIA, OpenAI, Red Hat, Vodafone, JPMorgan Chase) with participating organizations like OpenSSF, CNCF, OpenInfra Foundation, and Rust Foundation.

The initiative seeks collaboration with original project developers to feed security updates back into source code and, if necessary, act as “maintainer of last resort” for essential projects with no active maintainers.